[apparmor] RFC: handling xdg-open and similar helpers

[intrigeri]

Simon McVittie:
> On Fri, 26 Jan 2018 at 09:06:15 +0100, intrigeri wrote:
>> regardless of the exact sandboxing technology
>> that's used to confine the app, in any case we need to teach the apps
>> (or some underlying toolkit) to send IPC requests instead of executing
>> programs themselves.

> This sounds suspiciously like portals: it's usually GTK or GLib, not the
> application, that detects that it's confined by Flatpak (or in principle
> something else) and talks to a portal instead of doing more of the work
> itself.

Of course.

(If anyone needs convincing, that won't be me :)

Cheers,
-- 
intrigeri