Standardized permission saving

Jan Tojnar jtojnar at gmail.com
Wed Feb 16 10:19:45 UTC 2022


Hi,

I do not think there is any standard for that, as shrinkwrapping apps
only makes sense with sandboxing and there has not really been many
options for that so far.

The closest thing are finish-args in Flatpak manifest [1] which takes
a list of CLI arguments [2]

I do not think it makes sense to put it in a desktop file since one
could just run the program from Exec directly. (Unless you parse all
the desktop files and correlate them with executables – but then you
could just use a separate file anyway.) Perhaps the Appstream
specification might be a better place?

[1]: https://docs.flatpak.org/en/latest/manifests.html#finishing
[2]: https://docs.flatpak.org/en/latest/sandbox-permissions-reference.html

On Mon, 20 Dec 2021 at 01:57, Mathew Gordon <mgord9518 at gmail.com> wrote:
>
> Hello,
>
> I'm currently working a project to sandbox AppImages and I was
> wondering if there was any existing generic standard way for
> applications to request system permissions (eg: xdg-downloads from
> filesystem, dri from devices), or any up and coming plans for
> something the like? The solution I'm currently using is to extend the
> XDG desktop entry.
>
> (example file)
> [Desktop Entry]
> ...
> [X-AppImage-Required-Permissions]
> Files=xdg-download:ro;
> Devices=dri;input;
> Sockets=x11;wayland;pulseaudio;
>
> I'm aware of xdg-desktop-portal, but that appears to only apply to
> on-the-fly and not predetermined permissions. Thanks in advance


More information about the xdg mailing list