That was a good explanation indeed, thanks John. Can we do something better than just recommend it on classic? The feature is common enough that this should be a requirement, I think.
The problem then is how to drop the package when building the Ubuntu Core image. On Wed, Sep 21, 2016 at 5:39 AM, John Lenton <john.len...@canonical.com> wrote: > Eloy, Spencer, Otfried, > > The xdg-open we ship in /usr/local in the snap-core snap failing like > that is a bug; it seems we weren't covering this use case in our > tests. > > jdstrand has now addressed this, and although with his fix right now > you'll need to ask for the unity7 interface it is expected to grow > into a more fine-grained interface at some point, it was put there to > unblock people (i.e. you). We expect this fix to be part of the 2.15 > release, but it might slip to 2.16. > > This is not the whole story, however. You'll also need the > snapd-xdg-open package (or a dbus service providing OpenURL on the > com.canonical.SafeLauncher interfacee) in your classic system. You can > install that in yakkety, or get it from -proposed for xenial > (https://launchpad.net/ubuntu/+source/snapd-xdg-open), or get the > source from https://github.com/snapcore/snapd-xdg-open. As soon as it > gets out of -proposed and into -updates we'll have snapd recommend it, > but this might not be ready for 2.15. > > On 21 September 2016 at 08:18, Eloy García (PC Actual) > <eloy.garcia....@gmail.com> wrote: > > Hi all. > > > > I have the same problem in my snap java-based application. I use xdg-open > > command to launch the default browser so, it would be great a solution :) > > > > Best, > > > > Eloy > > > > 2016-09-20 15:46 GMT+02:00 Spencer Parkin <spencertpar...@gmail.com>: > >> > >> This is related to a question I had as well. I have a program that uses > >> wxLaunchDefaultBrowser which, looking at its implementation, tries to > make > >> the system call "exec()" to launch the default browser with a URL. > >> > >> If snap programs are not allowed to start other processes, that's fine; > >> but if enough people need to launch the default browser with a URL, > then I'm > >> sure a secure solution just for this could somehow be implemented for > snaps. > >> > >> I gather that one design goal of snaps, however, is the ability for > people > >> to write programs for any environment, but also have them work as snaps > so > >> that the programmer doesn't have to write snap-specific code, or make > >> snap-specific considerations in their code. In other words, your code > >> should be "none-the-wiser" that it is running in the confined area. > >> > >> So with that in mind, I'm not sure how to solve the problem. Any secure > >> API exposed to snap applications already breaks the above design goal. > >> > >> Of course, it's not unreasonable for my program to have "#ifdef WIN32" > or > >> "#ifdef UNIX", and in the latter case, I may be looking to utilize > something > >> in a standard unix environment which, I believe, is synthesized in > Unbuntu > >> Core. That's where I believe the snap environment can intercept what an > >> application is doing and provide a secure solution, and this may be the > >> "xdg-open" thing Otfried was talking about. > >> > >> > >> On Mon, Sep 19, 2016 at 2:37 AM, Otfried Cheong < > otfr...@ipe.airpost.net> > >> wrote: > >>> > >>> Hello, > >>> > >>> my app has a manual in html. I normally show this using "xdg-open > >>> <url>", but from the snap this results in "xdg-open: Permission > denied", > >>> leaving this log: > >>> > >>> [21249.231634] audit: type=1400 audit(1474273861.873:383): > >>> apparmor="DENIED" operation="exec" profile="snap.ipe.sh" > >>> name="/usr/local/bin/xdg-open" pid=9551 comm="sh" requested_mask="x" > >>> denied_mask="x" fsuid=1000 ouid=0 > >>> > >>> According to > >>> https://lists.ubuntu.com/archives/snapcraft/2016-September/001048.html > >>> this should work. > >>> I did refresh ubuntu-core from the beta channel and currently have > >>> revision 636 of ubuntu-core. > >>> > >>> > >>> Slightly related: If I understand > >>> https://lists.ubuntu.com/archives/snapcraft/2016-September/001118.html > >>> correctly, the host filesystem should be exposed to the snap as > >>> /var/lib/snapd/hostfs in devmode? It isn't on my system. > >>> > >>> Cheers, > >>> Otfried > >>> > >>> > >>> -- > >>> Snapcraft mailing list > >>> Snapcraft@lists.snapcraft.io > >>> Modify settings or unsubscribe at: > >>> https://lists.ubuntu.com/mailman/listinfo/snapcraft > >> > >> > >> > >> -- > >> Snapcraft mailing list > >> Snapcraft@lists.snapcraft.io > >> Modify settings or unsubscribe at: > >> https://lists.ubuntu.com/mailman/listinfo/snapcraft > >> > > > > > > > > -- > > Eloy García Almadén > > > > -- > > Snapcraft mailing list > > Snapcraft@lists.snapcraft.io > > Modify settings or unsubscribe at: > > https://lists.ubuntu.com/mailman/listinfo/snapcraft > > > > -- > Snapcraft mailing list > Snapcraft@lists.snapcraft.io > Modify settings or unsubscribe at: https://lists.ubuntu.com/mailm > an/listinfo/snapcraft > -- gustavo @ http://niemeyer.net
-- Snapcraft mailing list Snapcraft@lists.snapcraft.io Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft