On Sonntag, 2. Juni 2019 20:02:50 CEST Nate Graham wrote: > On 6/2/19 4:37 AM, Albert Astals Cid wrote: > > El divendres, 31 de maig de 2019, a les 13:05:04 CEST, Alexander Reinholdt va escriure: > >> Has anyone on this list successfully packaged a program with a KAuth > >> helper > >> included? Or is it impossible to install a KAuth helper into a flatpak? > >> Help is much appreciated. > > > > I think that's the main question, does a KAuth helper make sense in a > > flatpak app? > > > > Given that flatpak apps are [supposed to be] sandboxed, personally I don't > > think it makes sense for them to let you have elevated permissions. > Hmm, that seems like it would be quite a restriction on what a Flatpak > app could accomplish. There must be a secure way to do this. > > Nate
This is not a restriction, but a design principle. The sandbox defines what is allowed, not the program inside the sandbox. Whenever extra privileges are required, these are defined and provided by the sandbox. For flatpak, the portals provide access to things limited by default. I am not sure what SMB4K need root privileges for, but I assume it requires it for mounting CIFS shares. If you try to specify this, you will end up with something like "allow to mount an arbitrary filesystem". I don't think this can or should be provided by a portal. SMB4K is a quite lowlevel system tool. There are tools which are too lowlevel to package as flatpak/snap/appimage/whatever in a useful way, and SMB4K is one of these. If you want this to be done in a secure way, large parts of the SMB4K core would end up in the runtime, and SMB4K would be stripped down to the GUI only. But then, providing SMB4K as a Flatpak would hardly have any benefit over a regular package (if at all). Kind regards, Stefan -- Stefan Brüns / Bergstraße 21 / 52062 Aachen home: +49 241 53809034 mobile: +49 151 50412019
signature.asc
Description: This is a digitally signed message part.
