<div dir="ltr">That was a good explanation indeed, thanks John.<div><br></div><div>Can we do something better than just recommend it on classic? The feature is common enough that this should be a requirement, I think.<div><br></div><div>The problem then is how to drop the package when building the Ubuntu Core image.</div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 21, 2016 at 5:39 AM, John Lenton <span dir="ltr"><<a href="mailto:john.lenton@canonical.com" target="_blank">john.lenton@canonical.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Eloy, Spencer, Otfried,<br>
<br>
The xdg-open we ship in /usr/local in the snap-core snap failing like<br>
that is a bug; it seems we weren't covering this use case in our<br>
tests.<br>
<br>
jdstrand has now addressed this, and although with his fix right now<br>
you'll need to ask for the unity7 interface it is expected to grow<br>
into a more fine-grained interface at some point, it was put there to<br>
unblock people (i.e. you). We expect this fix to be part of the 2.15<br>
release, but it might slip to 2.16.<br>
<br>
This is not the whole story, however. You'll also need the<br>
snapd-xdg-open package (or a dbus service providing OpenURL on the<br>
com.canonical.SafeLauncher interfacee) in your classic system. You can<br>
install that in yakkety, or get it from -proposed for xenial<br>
(<a href="https://launchpad.net/ubuntu/+source/snapd-xdg-open" rel="noreferrer" target="_blank">https://launchpad.net/ubuntu/<wbr>+source/snapd-xdg-open</a>), or get the<br>
source from <a href="https://github.com/snapcore/snapd-xdg-open" rel="noreferrer" target="_blank">https://github.com/snapcore/sn<wbr>apd-xdg-open</a>. As soon as it<br>
gets out of -proposed and into -updates we'll have snapd recommend it,<br>
but this might not be ready for 2.15.<br>
<br>
On 21 September 2016 at 08:18, Eloy García (PC Actual)<br>
<div><div><<a href="mailto:eloy.garcia.pca@gmail.com" target="_blank">eloy.garcia.pca@gmail.com</a>> wrote:<br>
> Hi all.<br>
><br>
> I have the same problem in my snap java-based application. I use xdg-open<br>
> command to launch the default browser so, it would be great a solution :)<br>
><br>
> Best,<br>
><br>
> Eloy<br>
><br>
> 2016-09-20 15:46 GMT+02:00 Spencer Parkin <<a href="mailto:spencertparkin@gmail.com" target="_blank">spencertparkin@gmail.com</a>>:<br>
>><br>
>> This is related to a question I had as well. I have a program that uses<br>
>> wxLaunchDefaultBrowser which, looking at its implementation, tries to make<br>
>> the system call "exec()" to launch the default browser with a URL.<br>
>><br>
>> If snap programs are not allowed to start other processes, that's fine;<br>
>> but if enough people need to launch the default browser with a URL, then I'm<br>
>> sure a secure solution just for this could somehow be implemented for snaps.<br>
>><br>
>> I gather that one design goal of snaps, however, is the ability for people<br>
>> to write programs for any environment, but also have them work as snaps so<br>
>> that the programmer doesn't have to write snap-specific code, or make<br>
>> snap-specific considerations in their code. In other words, your code<br>
>> should be "none-the-wiser" that it is running in the confined area.<br>
>><br>
>> So with that in mind, I'm not sure how to solve the problem. Any secure<br>
>> API exposed to snap applications already breaks the above design goal.<br>
>><br>
>> Of course, it's not unreasonable for my program to have "#ifdef WIN32" or<br>
>> "#ifdef UNIX", and in the latter case, I may be looking to utilize something<br>
>> in a standard unix environment which, I believe, is synthesized in Unbuntu<br>
>> Core. That's where I believe the snap environment can intercept what an<br>
>> application is doing and provide a secure solution, and this may be the<br>
>> "xdg-open" thing Otfried was talking about.<br>
>><br>
>><br>
>> On Mon, Sep 19, 2016 at 2:37 AM, Otfried Cheong <<a href="mailto:otfried@ipe.airpost.net" target="_blank">otfried@ipe.airpost.net</a>><br>
>> wrote:<br>
>>><br>
>>> Hello,<br>
>>><br>
>>> my app has a manual in html. I normally show this using "xdg-open<br>
>>> <url>", but from the snap this results in "xdg-open: Permission denied",<br>
>>> leaving this log:<br>
>>><br>
>>> [21249.231634] audit: type=1400 audit(1474273861.873:383):<br>
>>> apparmor="DENIED" operation="exec" profile="<a href="http://snap.ipe.sh" rel="noreferrer" target="_blank">snap.ipe.sh</a>"<br>
>>> name="/usr/local/bin/xdg-open" pid=9551 comm="sh" requested_mask="x"<br>
>>> denied_mask="x" fsuid=1000 ouid=0<br>
>>><br>
>>> According to<br>
>>> <a href="https://lists.ubuntu.com/archives/snapcraft/2016-September/001048.html" rel="noreferrer" target="_blank">https://lists.ubuntu.com/archi<wbr>ves/snapcraft/2016-September/<wbr>001048.html</a><br>
>>> this should work.<br>
>>> I did refresh ubuntu-core from the beta channel and currently have<br>
>>> revision 636 of ubuntu-core.<br>
>>><br>
>>><br>
>>> Slightly related: If I understand<br>
>>> <a href="https://lists.ubuntu.com/archives/snapcraft/2016-September/001118.html" rel="noreferrer" target="_blank">https://lists.ubuntu.com/archi<wbr>ves/snapcraft/2016-September/<wbr>001118.html</a><br>
>>> correctly, the host filesystem should be exposed to the snap as<br>
>>> /var/lib/snapd/hostfs in devmode? It isn't on my system.<br>
>>><br>
>>> Cheers,<br>
>>> Otfried<br>
>>><br>
>>><br>
>>> --<br>
>>> Snapcraft mailing list<br>
>>> <a href="mailto:Snapcraft@lists.snapcraft.io" target="_blank">Snapcraft@lists.snapcraft.io</a><br>
>>> Modify settings or unsubscribe at:<br>
>>> <a href="https://lists.ubuntu.com/mailman/listinfo/snapcraft" rel="noreferrer" target="_blank">https://lists.ubuntu.com/mailm<wbr>an/listinfo/snapcraft</a><br>
>><br>
>><br>
>><br>
>> --<br>
>> Snapcraft mailing list<br>
>> <a href="mailto:Snapcraft@lists.snapcraft.io" target="_blank">Snapcraft@lists.snapcraft.io</a><br>
>> Modify settings or unsubscribe at:<br>
>> <a href="https://lists.ubuntu.com/mailman/listinfo/snapcraft" rel="noreferrer" target="_blank">https://lists.ubuntu.com/mailm<wbr>an/listinfo/snapcraft</a><br>
>><br>
><br>
><br>
><br>
> --<br>
> Eloy García Almadén<br>
><br>
> --<br>
> Snapcraft mailing list<br>
> <a href="mailto:Snapcraft@lists.snapcraft.io" target="_blank">Snapcraft@lists.snapcraft.io</a><br>
> Modify settings or unsubscribe at:<br>
> <a href="https://lists.ubuntu.com/mailman/listinfo/snapcraft" rel="noreferrer" target="_blank">https://lists.ubuntu.com/mailm<wbr>an/listinfo/snapcraft</a><br>
><br>
<br>
--<br>
Snapcraft mailing list<br>
<a href="mailto:Snapcraft@lists.snapcraft.io" target="_blank">Snapcraft@lists.snapcraft.io</a><br>
Modify settings or unsubscribe at: <a href="https://lists.ubuntu.com/mailman/listinfo/snapcraft" rel="noreferrer" target="_blank">https://lists.ubuntu.com/mailm<wbr>an/listinfo/snapcraft</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">gustavo @ <a href="http://niemeyer.net" target="_blank">http://niemeyer.net</a></div>
</div></div></div>