[gnome-books/wip/hadess/gnome-books: 9/10] flatpak: Restrict files access

From: Bastien Nocera <hadess src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-books/wip/hadess/gnome-books: 9/10] flatpak: Restrict files access
Date: Fri, 25 Jan 2019 12:47:00 +0000 (UTC)

commit 0756ca369cbc8592982140cfdd0110d4c44bb09e
Author: Bastien Nocera <hadess hadess net>
Date:   Fri Jan 25 09:43:47 2019 +0100

    flatpak: Restrict files access
    
    The nightly flatpak used to have access to "host". Given that we still
    rely on tracker to index the books, best restrict the files access to
    directories in the local home.

 flatpak/org.gnome.Books.json | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
---
diff --git a/flatpak/org.gnome.Books.json b/flatpak/org.gnome.Books.json
index 482af8ec..818fe4cf 100644
--- a/flatpak/org.gnome.Books.json
+++ b/flatpak/org.gnome.Books.json
@@ -12,8 +12,7 @@
         /* Wayland access */
         "--socket=wayland",
         /* Read-only access to users documents */
-        /* Books can be outside xdg-dirs */
-        "--filesystem=host:ro",
+        "--filesystem=xdg-documents:ro", "--filesystem=xdg-download:ro",
         /* Needs to talk to the network: */
         "--share=network",
         /* Tracker access */

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]