[Tracker] Tracker and sandboxed applications



Hi

We had a discussion at the 2016 Developer Experience hackfest related
to sandboxing apps that use Tracker.

xdg-app is already at a point where people can use it (and are!) as
a build and distribution system for apps. The sandboxing aspect is
less developed, but that will be the next step.

So how do we package Gnome Documents and Gnome Music for xdg-app? The
key decision is whether to continue having one global Tracker database
in the user's home dir -- in which case tracker-store has to be rock
solid at enforcing permissions and separation -- or whether we run the
Tracker code directly within that app's sandbox.

We decided on the latter approach for the time being: adapt Tracker
into a library that can be used by sandboxed apps to provide mining,
monitoring and query functionality for whatever directories that app
can see. Splitting Tracker up a bit was a goal anyway, but the main
thing is that this way, tracker-store's query parser doesn't become a
security sensitive component. I would hope we can do this in a way
that doesn't break existing use cases of Tracker. (Although I don't
know how everyone on this list is using it: feedback is helpful!)

There are two downsides. One is that search + query across all the
user's data becomes more difficult, because it's no longer
centralised. But it is still *possible* to do this: you just need to
synchronise the data from each app's database into a global database,
and then run the search/query on that database. RDF is an interchange
format, so synchronisation should be pretty easy to implement!

Note that gnome-shell doesn't use Tracker to provide search results
anyway, it federates queries across applications (some of which then
use Tracker). That has the downside that a single keypress can trigger
thousands of context switches as each app updates the search results
it's providing... but that's a problem we already have, not something
that this proposal really makes worse.

The other downside is that there can be some duplication of work. E.g.
Videos and Music may both index the Music directory, and would both
end up monitoring the same files (perhaps many of them!). I don't
think this is going to happen that often though, and it feels like
partly a design problem anyway. If there is a legitimate reason to
have 10 different apps that all need to monitor a user's entire music
collection then we can look at setting up an xdg-app portal that deals
with scanning all of the music collection and providing that info to the
sandbox, but I struggle to think of many cases where we'd need that.
Contacts are one case, perhaps, but GNOME seems to prefer using
evolution-dataserver for those in any case...

Let me know what you think.

Sam

PS. here are some relevant previous discussions:
https://mail.gnome.org/archives/tracker-list/2015-March/msg00015.html
https://mail.gnome.org/archives/tracker-list/2014-September/msg00030.html

