[gnome-books/wip/hadess/gnome-books: 1/3] flatpak: Restrict files access



commit 8c34c06f45ea035ec33808ec23b37f1dac5737b9
Author: Bastien Nocera <hadess hadess net>
Date:   Fri Jan 25 09:43:47 2019 +0100

    flatpak: Restrict files access
    
    The nightly flatpak used to have access to "host". Given that we still
    rely on tracker to index the books, best restrict the files access to
    directories in the local home.

 flatpak/org.gnome.Books.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
---
diff --git a/flatpak/org.gnome.Books.json b/flatpak/org.gnome.Books.json
index 482af8ec..4d9ce4ec 100644
--- a/flatpak/org.gnome.Books.json
+++ b/flatpak/org.gnome.Books.json
@@ -12,13 +12,13 @@
         /* Wayland access */
         "--socket=wayland",
         /* Read-only access to users documents */
-        /* Books can be outside xdg-dirs */
-        "--filesystem=host:ro",
+        "--filesystem=xdg-documents:ro", "--filesystem=xdg-download:ro",
         /* Needs to talk to the network: */
         "--share=network",
-        /* Tracker access */
+        /* Tracker D-Bus access */
         "--talk-name=org.freedesktop.Tracker1",
         "--talk-name=org.freedesktop.Tracker1.Miner.Extract",
+        "--env=TRACKER_SPARQL_BACKEND=bus",
         /* Needed for dconf to work */
         "--filesystem=xdg-run/dconf", "--filesystem=~/.config/dconf:ro",
         "--talk-name=ca.desrt.dconf", "--env=DCONF_USER_CONFIG_DIR=.config/dconf"
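
Review bot: The new `"--filesystem=xdg-documents:ro", "--filesystem=xdg-download:ro",` line deletes the comment "Books can be outside xdg-dirs" without saying what now happens to such books. With only these two directories granted, a book stored elsewhere is not readable from inside the sandbox, and the commit message says "directories in the local home" while the manifest grants exactly two XDG directories. Please update the comment above the line to name both directories (it still reads "Read-only access to users documents", which does not cover the Download directory) and state that books outside them are intentionally unsupported in the nightly flatpak. The added `"--env=TRACKER_SPARQL_BACKEND=bus",` is also unexplained: it sits under "Tracker D-Bus access" next to the `--talk-name` entries, so a short comment on why the environment variable is needed once host access is removed would help the next person who edits the manifest.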

