ANNOUNCE: Plash 1.16, with Powerbox for Gtk

Hi folks,

I have released a new version of Plash, which is available from:

Plash is a system for sandboxing GNU/Linux programs so that they can
be run with minimum authority/privileges.  Plash can be used with GUI
applications: you can dynamically grant a GUI application access
rights to individual files that you want to open and edit.  This
happens transparently through the Open/Save file chooser dialog box.

Plash replaces Gtk's GtkFileChooserDialog so that the file chooser is
implemented outside the application in a separate process, as a
trusted component.  This file chooser is known as a powerbox, because
it delegates additional power to the application.

For example, Inkscape can be launched in a sandbox using the following
command.  Initially it won't have access to anything in your home
directory.  Choosing a file using File->Open grants Inkscape access to
the file, attaching the file into Inkscape's file namespace.

pola-run --prog /usr/bin/inkscape \
  -B -fl /etc --x11 \
  --env LD_PRELOAD=/usr/lib/plash/lib/ \
  --powerbox --pet-name "Inkscape"

The main change in this release is a reimplementation of the
powerbox/Gtk integration.  In the previous version, the replacement
GtkFileChooserDialog class inherited only from GtkObject, which caused
various problems.  The new version inherits from GtkDialog (and hence
from GtkWindow, GtkWidget, etc.), just as the ordinary
GtkFileChooserDialog does.  This works with a lot more Gtk

The new GtkFileChooserDialog replacement prevents its parent GtkWindow
from opening a window by overriding the GtkWidget "map" method with
code that does not pass the call on to GtkWindow.  Instead, the "map"
method invokes the powerbox API, which causes the powerbox manager to
open a file chooser instead.

You can see the code for this at:

This still works as an LD_PRELOADed library, which replaces
gtk_file_chooser_* functions.

Would there be any interest in merging this functionality into
mainline Gtk, so that the powerbox code can optionally be compiled in,
and optionally be enabled at run time?
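
An added example, not code from Plash or from the original post: a self-contained C model of the "map" override described above, in which showing the replacement dialog never opens an in-process window and only the file the user picks becomes openable. The Widget/WidgetClass types, powerbox_request_open(), sandbox_can_open() and the sample path are hypothetical stand-ins for GtkWidgetClass, the powerbox API and Plash's file namespace.

```c
#include <stdio.h>
#include <string.h>

/* Model of the sandbox's file namespace: only attached paths can be opened. */
#define MAX_GRANTS 8
static const char *ns[MAX_GRANTS];
static int ns_len;
static int sandbox_can_open(const char *path) {
    if (!path) return 0;
    for (int i = 0; i < ns_len; i++)
        if (strcmp(ns[i], path) == 0) return 1;
    return 0;
}

/* Trusted side (hypothetical stand-in for the powerbox manager): runs outside
 * the sandbox, shows the real chooser, attaches only the file the user picked. */
static const char *user_choice;   /* constructed input: what the user clicks */
static const char *powerbox_request_open(void) {
    if (!user_choice || ns_len == MAX_GRANTS) return NULL;  /* cancelled/full */
    ns[ns_len++] = user_choice;
    return user_choice;
}

/* Minimal widget class with a virtual "map" method, modelled on GtkWidgetClass. */
typedef struct Widget Widget;
typedef struct { void (*map)(Widget *); } WidgetClass;
struct Widget { const WidgetClass *klass; int window_mapped; const char *filename; };

/* Parent behaviour (GtkWindow in the real toolkit): open an in-process window. */
static void window_map(Widget *w) { w->window_mapped = 1; }

/* Replacement chooser: does NOT chain up to window_map; asks the powerbox. */
static void powerbox_chooser_map(Widget *w) { w->filename = powerbox_request_open(); }

static const WidgetClass window_class = { window_map };
static const WidgetClass powerbox_chooser_class = { powerbox_chooser_map };
static void widget_show(Widget *w) { w->klass->map(w); }

int main(void) {
    Widget win = { &window_class, 0, NULL };
    Widget dlg = { &powerbox_chooser_class, 0, NULL };
    user_choice = "/home/user/drawing.svg";   /* constructed sample path */
    widget_show(&win);
    widget_show(&dlg);
    printf("window mapped=%d, dialog mapped=%d, file=%s, openable=%d\n",
           win.window_mapped, dlg.window_mapped, dlg.filename,
           sandbox_can_open(dlg.filename));
    return 0;
}
```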

