Hi,
flatpak is supposed to have no influence on system apps. Unfortunately it does.
Here is my system: Ubuntu 16.04 with this package:
Package: flatpak
Version: 0.6.5-0alexlarsson1~xenial
When I start evince (that is confined by an AppArmor policy), I get those errors in the kernel logs:
[247064.756502] audit: type=1400 audit(1466070101.580:97): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/var/lib/flatpak/exports/share/applications/mimeinfo.cache" pid=29246 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[247064.810234] audit: type=1400 audit(1466070101.632:98): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/var/lib/flatpak/exports/share/icons/hicolor/index.theme" pid=29246 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[247064.812343] audit: type=1400 audit(1466070101.636:99): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/var/lib/flatpak/exports/share/icons/hicolor/icon-theme.cache" pid=29246 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
which means that evince is trying to use flatpak's files instead of Ubuntu's files.
My guess is that this problem is caused by this environment variable:
XDG_DATA_DIRS=/usr/share/plasma:/home/bonnaudl/.local/share/flatpak/exports/share:/var/lib/flatpak/exports/share/:/usr/local/share/:/usr/share/:/var/lib/snapd/desktop
LaurentBonnaud
All 6 comments
Its not true that they are not supposed to "interfere" with the system. The installed apps do integrate with the desktop by installing desktop files and icons. This is intentional or you would not be able to launch the installed apps easily.
However, it seems the ppa might need some tweaking of the apparmour profile.
alexlarsson
on 16 Jun 2016
The installed apps do integrate with the desktop by installing desktop files and icons
Installing desktop files and icons is one thing (which is perfectly acceptable), but changing how system apps behave is another (which I do not find acceptable).
How about changing the order of directories in XDG_DATA_DIRS ?
LaurentBonnaud
on 16 Jun 2016
I don't see the difference between "installing desktop files" and "changing how system apps behave". For "installing desktop files" to be a useful action it has to modify how the system works, or your newly installed desktop file would be useless (or rather, not installed).
alexlarsson
on 16 Jun 2016
The difference I see is (let's take evince as an example):
- "installing desktop files" (and the necessary files for the desktop file to "work") should only add some launcher (and use some disk space, ...) but not alter _in any way_ how Ubuntu's evince "works"
- "changing how system apps behave" : currently when I install flatpak, Ubuntu's evince uses flatpak's mimeinfo and icon-cache whereas it should use the one in the Ubuntu system.
If you say to potential users of flatpak "If you install flatpak, it may alter/break your system in unexpected ways" it will be a hard sell.
LaurentBonnaud
on 16 Jun 2016
If the system evince reads desktop files as part of how it works. If installing desktop files is supposed to work, it should be picked up by the system evince, or the desktop file is not installed.
In the particular case above evince is not actually looking at desktop files, but at icon. The flatpak app is allowed to install icons that are prefixed by the app-id, so it should not conflict with other icons from the host (unless the same app is installed on the host and as a flatpak), so it should be pretty safe. Allowing this icon export is required for exporting the desktop file to work though.
alexlarsson
on 16 Jun 2016
"Ubuntu's evince uses flatpak's mimeinfo and icon-cache whereas it should use the one in the Ubuntu system."
This is a misunderstanding. These are additive directories, you're just adding an extra directory of possible mime/icon information. Currently we don't export mime types, but there is an issue discussing how to do this safely.
alexlarsson
on 16 Jun 2016
Related issues
peteruithoven
路
3Comments
Crafter6432
路
4Comments
sgnn7
路
5Comments
pandaway
路
5Comments
devurandom
路
4Comments