Using xdg-open from snap

Eloy García (PC Actual) eloy.garcia.pca at gmail.com
Wed Sep 21 07:18:21 UTC 2016


Hi all.

I have the same problem in my snap java-based application. I use xdg-open
command to launch the default browser so, it would be great a solution :)

Best,

Eloy

2016-09-20 15:46 GMT+02:00 Spencer Parkin <spencertparkin at gmail.com>:

> This is related to a question I had as well.  I have a program that uses
> wxLaunchDefaultBrowser which, looking at its implementation, tries to make
> the system call "exec()" to launch the default browser with a URL.
>
> If snap programs are not allowed to start other processes, that's fine;
> but if enough people need to launch the default browser with a URL, then
> I'm sure a secure solution just for this could somehow be implemented for
> snaps.
>
> I gather that one design goal of snaps, however, is the ability for people
> to write programs for any environment, but also have them work as snaps so
> that the programmer doesn't have to write snap-specific code, or make
> snap-specific considerations in their code.  In other words, your code
> should be "none-the-wiser" that it is running in the confined area.
>
> So with that in mind, I'm not sure how to solve the problem.  Any secure
> API exposed to snap applications already breaks the above design goal.
>
> Of course, it's not unreasonable for my program to have "#ifdef WIN32" or
> "#ifdef UNIX", and in the latter case, I may be looking to utilize
> something in a standard unix environment which, I believe, is synthesized
> in Unbuntu Core.  That's where I believe the snap environment can intercept
> what an application is doing and provide a secure solution, and this may be
> the "xdg-open" thing Otfried was talking about.
>
>
> On Mon, Sep 19, 2016 at 2:37 AM, Otfried Cheong <otfried at ipe.airpost.net>
> wrote:
>
>> Hello,
>>
>> my app has a manual in html.  I normally show this using "xdg-open
>> <url>", but from the snap this results in "xdg-open: Permission denied",
>> leaving this log:
>>
>> [21249.231634] audit: type=1400 audit(1474273861.873:383):
>> apparmor="DENIED" operation="exec" profile="snap.ipe.sh"
>> name="/usr/local/bin/xdg-open" pid=9551 comm="sh" requested_mask="x"
>> denied_mask="x" fsuid=1000 ouid=0
>>
>> According to
>> https://lists.ubuntu.com/archives/snapcraft/2016-September/001048.html
>> this should work.
>> I did refresh ubuntu-core from the beta channel and currently have
>> revision 636 of ubuntu-core.
>>
>>
>> Slightly related:  If I understand
>> https://lists.ubuntu.com/archives/snapcraft/2016-September/001118.html
>> correctly, the host filesystem should be exposed to the snap as
>> /var/lib/snapd/hostfs in devmode?    It isn't on my system.
>>
>> Cheers,
>>  Otfried
>>
>>
>> --
>> Snapcraft mailing list
>> Snapcraft at lists.snapcraft.io
>> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailm
>> an/listinfo/snapcraft
>>
>
>
> --
> Snapcraft mailing list
> Snapcraft at lists.snapcraft.io
> Modify settings or unsubscribe at: https://lists.ubuntu.com/
> mailman/listinfo/snapcraft
>
>


-- 
Eloy García Almadén
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/snapcraft/attachments/20160921/9d9adffd/attachment.html>


More information about the Snapcraft mailing list