-
-
Notifications
You must be signed in to change notification settings - Fork 200
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
portal impls have no way to tell what type of application is making requests #1499
Comments
To be sure, what do you mean by "host" application? A "native" app like a deb or rpm package (a non-flatpak and non-snap packaged app)? An app with "host" access (e.g. a native app, a flatpak app with |
^ this one :) |
Ok, thanks. To respond to your general solution, it depends. If currently native apps aren't using any permission when using portals, then that make sense to not present any prompt. However, if a permission is stored for native apps, then it depends on the case and how reliably the app is identified. Sadly, I can't tell more because I don't really know how remote desktop here works (as I never experienced it). However, if you can describe briefly how it works and/or how I can experience it, then I will certainly say more. My only reference is https://gitlab.gnome.org/Teams/Design/os-mockups/-/blob/master/portals/portals.png?ref_type=heads, and I don't even see in the relevant design how "Firefox" is identified if it is an app on another computer... |
They can if they are launched in a cgroup that is discovered correctly.
You could look for Though, arguably, for the two use cases, it seems more sensible to make use of the token based session restore, that bypasses any dialog and just exposes it by default without any interaction. Another approach that has been discussed (but I fail to find the issue / discussion) is how to allow pre-configure access to certain apps. The use case in mind for that has been e.g. pre-authorized remote assistance apps in corporate environments. With that said, remote desktop servers using the portals are meant to be for "share my physically visible screen" use cases, and not when the primary method for accessing a machine is via a remote desktop protocol. |
@jadahl: Is the window to set the permissions comes from the app as being the server installed on the host machine? If that is that means we don't approve clients that are connecting. Is that correct? |
I've thought of other ideas, but they require other things. The best thing for now seems indeed to be able to pre-configure portal permissions. Here are relevant issues: |
What I was thinking is simply having a way to get to xdg-desktop-portal/src/xdp-app-info.c Line 137 in 1c902cc
It'd allow us to tell host from sandboxed applications which in turn allows us to treat things slightly differently - a use case that keeps popping up e.g. I am reminded of https://invent.kde.org/plasma/xdg-desktop-portal-kde/-/merge_requests/297 |
Keeping identification in common allows to have same permission model for all DE, I think. |
Operating System
KDE Linux
XDG Desktop Portal version
1.18
XDG Desktop Portal version (Other)
No response
Desktop Environment
KDE
Desktop Environment (Other)
No response
Expected Behavior
Downstream in KDE there are some use cases for loosening the access controls for host applications. The trouble is we currently can't tell if an application is host or flatpak or snap. We obviously wouldn't want to change anything for the sandboxes. To that end maybe it'd make sense to somehow expose a
kind
field that describes host|flatpak|snap. Or possibly even more of the metadata collected in xdp_app_info_from_*?Current Behavior
Currently we don't know if an application is host or not.
Steps to Reproduce
Not applicable
Anything else we should know?
e.g. Consider an advanced user who is SSHing into their home system and wants to setup RDP so they can get to their desktop. It makes little sense for the rdpserver that is already running with host access to require an interactive authorization prompt. A notification that someone has connected seems more appropriate.
Or a gaming application that is installed in host scope and uses the remote-desktop facilities to stream games. When you are on the couch and want to game, the auth prompt isn't necessarily interactable.
The text was updated successfully, but these errors were encountered: