Hi all.

I have the same problem in my snap java-based application. I use xdg-open
command to launch the default browser so, it would be great a solution :)



2016-09-20 15:46 GMT+02:00 Spencer Parkin <spencertpar...@gmail.com>:

> This is related to a question I had as well.  I have a program that uses
> wxLaunchDefaultBrowser which, looking at its implementation, tries to make
> the system call "exec()" to launch the default browser with a URL.
> If snap programs are not allowed to start other processes, that's fine;
> but if enough people need to launch the default browser with a URL, then
> I'm sure a secure solution just for this could somehow be implemented for
> snaps.
> I gather that one design goal of snaps, however, is the ability for people
> to write programs for any environment, but also have them work as snaps so
> that the programmer doesn't have to write snap-specific code, or make
> snap-specific considerations in their code.  In other words, your code
> should be "none-the-wiser" that it is running in the confined area.
> So with that in mind, I'm not sure how to solve the problem.  Any secure
> API exposed to snap applications already breaks the above design goal.
> Of course, it's not unreasonable for my program to have "#ifdef WIN32" or
> "#ifdef UNIX", and in the latter case, I may be looking to utilize
> something in a standard unix environment which, I believe, is synthesized
> in Unbuntu Core.  That's where I believe the snap environment can intercept
> what an application is doing and provide a secure solution, and this may be
> the "xdg-open" thing Otfried was talking about.
> On Mon, Sep 19, 2016 at 2:37 AM, Otfried Cheong <otfr...@ipe.airpost.net>
> wrote:
>> Hello,
>> my app has a manual in html.  I normally show this using "xdg-open
>> <url>", but from the snap this results in "xdg-open: Permission denied",
>> leaving this log:
>> [21249.231634] audit: type=1400 audit(1474273861.873:383):
>> apparmor="DENIED" operation="exec" profile="snap.ipe.sh"
>> name="/usr/local/bin/xdg-open" pid=9551 comm="sh" requested_mask="x"
>> denied_mask="x" fsuid=1000 ouid=0
>> According to
>> https://lists.ubuntu.com/archives/snapcraft/2016-September/001048.html
>> this should work.
>> I did refresh ubuntu-core from the beta channel and currently have
>> revision 636 of ubuntu-core.
>> Slightly related:  If I understand
>> https://lists.ubuntu.com/archives/snapcraft/2016-September/001118.html
>> correctly, the host filesystem should be exposed to the snap as
>> /var/lib/snapd/hostfs in devmode?    It isn't on my system.
>> Cheers,
>>  Otfried
>> --
>> Snapcraft mailing list
>> Snapcraft@lists.snapcraft.io
>> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailm
>> an/listinfo/snapcraft
> --
> Snapcraft mailing list
> Snapcraft@lists.snapcraft.io
> Modify settings or unsubscribe at: https://lists.ubuntu.com/
> mailman/listinfo/snapcraft

Eloy García Almadén
Snapcraft mailing list
Modify settings or unsubscribe at: 

Reply via email to