<div dir="ltr"><div><div><div><div>Hi John, </div>Thank you very much for your response and for the good work all of you are doing :) </div>I'll try to test it when it is possible. </div>Best, </div>Eloy </div><div class="gmail_extra"> <div class="gmail_quote">2016-09-21 10:39 GMT+02:00 John Lenton <<a href="mailto:john.lenton@canonical.com" target="_blank">john.lenton@canonical.com</a>>: <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Eloy, Spencer, Otfried, The xdg-open we ship in /usr/local in the snap-core snap failing like that is a bug; it seems we weren't covering this use case in our tests. jdstrand has now addressed this, and although with his fix right now you'll need to ask for the unity7 interface it is expected to grow into a more fine-grained interface at some point, it was put there to unblock people (i.e. you). We expect this fix to be part of the 2.15 release, but it might slip to 2.16. This is not the whole story, however. You'll also need the snapd-xdg-open package (or a dbus service providing OpenURL on the com.canonical.SafeLauncher interfacee) in your classic system. You can install that in yakkety, or get it from -proposed for xenial (<a href="https://launchpad.net/ubuntu/+source/snapd-xdg-open" rel="noreferrer" target="_blank">https://launchpad.net/ubuntu/+source/snapd-xdg-open</a>), or get the source from <a href="https://github.com/snapcore/snapd-xdg-open" rel="noreferrer" target="_blank">https://github.com/snapcore/snapd-xdg-open</a>. As soon as it gets out of -proposed and into -updates we'll have snapd recommend it, but this might not be ready for 2.15. On 21 September 2016 at 08:18, Eloy García (PC Actual) <div class="HOEnZb"><div class="h5"><<a href="mailto:eloy.garcia.pca@gmail.com">eloy.garcia.pca@gmail.com</a>> wrote: > Hi all. > > I have the same problem in my snap java-based application. I use xdg-open > command to launch the default browser so, it would be great a solution :) > > Best, > > Eloy > > 2016-09-20 15:46 GMT+02:00 Spencer Parkin <<a href="mailto:spencertparkin@gmail.com">spencertparkin@gmail.com</a>>: >> >> This is related to a question I had as well. I have a program that uses >> wxLaunchDefaultBrowser which, looking at its implementation, tries to make >> the system call "exec()" to launch the default browser with a URL. >> >> If snap programs are not allowed to start other processes, that's fine; >> but if enough people need to launch the default browser with a URL, then I'm >> sure a secure solution just for this could somehow be implemented for snaps. >> >> I gather that one design goal of snaps, however, is the ability for people >> to write programs for any environment, but also have them work as snaps so >> that the programmer doesn't have to write snap-specific code, or make >> snap-specific considerations in their code. In other words, your code >> should be "none-the-wiser" that it is running in the confined area. >> >> So with that in mind, I'm not sure how to solve the problem. Any secure >> API exposed to snap applications already breaks the above design goal. >> >> Of course, it's not unreasonable for my program to have "#ifdef WIN32" or >> "#ifdef UNIX", and in the latter case, I may be looking to utilize something >> in a standard unix environment which, I believe, is synthesized in Unbuntu >> Core. That's where I believe the snap environment can intercept what an >> application is doing and provide a secure solution, and this may be the >> "xdg-open" thing Otfried was talking about. >> >> >> On Mon, Sep 19, 2016 at 2:37 AM, Otfried Cheong <<a href="mailto:otfried@ipe.airpost.net">otfried@ipe.airpost.net</a>> >> wrote: >>> >>> Hello, >>> >>> my app has a manual in html. I normally show this using "xdg-open >>> <url>", but from the snap this results in "xdg-open: Permission denied", >>> leaving this log: >>> >>> [21249.231634] audit: type=1400 audit(1474273861.873:383): >>> apparmor="DENIED" operation="exec" profile="<a href="http://snap.ipe.sh" rel="noreferrer" target="_blank">snap.ipe.sh</a>" >>> name="/usr/local/bin/xdg-open" pid=9551 comm="sh" requested_mask="x" >>> denied_mask="x" fsuid=1000 ouid=0 >>> >>> According to >>> <a href="https://lists.ubuntu.com/archives/snapcraft/2016-September/001048.html" rel="noreferrer" target="_blank">https://lists.ubuntu.com/archives/snapcraft/2016-September/001048.html</a> >>> this should work. >>> I did refresh ubuntu-core from the beta channel and currently have >>> revision 636 of ubuntu-core. >>> >>> >>> Slightly related: If I understand >>> <a href="https://lists.ubuntu.com/archives/snapcraft/2016-September/001118.html" rel="noreferrer" target="_blank">https://lists.ubuntu.com/archives/snapcraft/2016-September/001118.html</a> >>> correctly, the host filesystem should be exposed to the snap as >>> /var/lib/snapd/hostfs in devmode? It isn't on my system. >>> >>> Cheers, >>> Otfried >>> >>> >>> -- >>> Snapcraft mailing list >>> <a href="mailto:Snapcraft@lists.snapcraft.io">Snapcraft@lists.snapcraft.io</a> >>> Modify settings or unsubscribe at: >>> <a href="https://lists.ubuntu.com/mailman/listinfo/snapcraft" rel="noreferrer" target="_blank">https://lists.ubuntu.com/mailman/listinfo/snapcraft</a> >> >> >> >> -- >> Snapcraft mailing list >> <a href="mailto:Snapcraft@lists.snapcraft.io">Snapcraft@lists.snapcraft.io</a> >> Modify settings or unsubscribe at: >> <a href="https://lists.ubuntu.com/mailman/listinfo/snapcraft" rel="noreferrer" target="_blank">https://lists.ubuntu.com/mailman/listinfo/snapcraft</a> >> > > > > -- > Eloy García Almadén > > -- > Snapcraft mailing list > <a href="mailto:Snapcraft@lists.snapcraft.io">Snapcraft@lists.snapcraft.io</a> > Modify settings or unsubscribe at: > <a href="https://lists.ubuntu.com/mailman/listinfo/snapcraft" rel="noreferrer" target="_blank">https://lists.ubuntu.com/mailman/listinfo/snapcraft</a> > </div></div></blockquote></div> -- <div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Eloy García Almadén </div></div> </div>