portal impls have no way to tell what type of application is making requests #1499
Comments
|
To be sure, what do you mean by "host" application? A "native" app like a deb or rpm package (a non-flatpak and non-snap packaged app)? An app with "host" access (e.g. a native app, a flatpak app with |
^ this one :) |
|
Ok, thanks. To respond to your general solution, it depends. If currently native apps aren't using any permission when using portals, then that make sense to not present any prompt. However, if a permission is stored for native apps, then it depends on the case and how reliably the app is identified. Sadly, I can't tell more because I don't really know how remote desktop here works (as I never experienced it). However, if you can describe briefly how it works and/or how I can experience it, then I will certainly say more. My only reference is https://gitlab.gnome.org/Teams/Design/os-mockups/-/blob/master/portals/portals.png?ref_type=heads, and I don't even see in the relevant design how "Firefox" is identified if it is an app on another computer... |
They can if they are launched in a cgroup that is discovered correctly.
You could look for Though, arguably, for the two use cases, it seems more sensible to make use of the token based session restore, that bypasses any dialog and just exposes it by default without any interaction. Another approach that has been discussed (but I fail to find the issue / discussion) is how to allow pre-configure access to certain apps. The use case in mind for that has been e.g. pre-authorized remote assistance apps in corporate environments. With that said, remote desktop servers using the portals are meant to be for "share my physically visible screen" use cases, and not when the primary method for accessing a machine is via a remote desktop protocol. |
|
@jadahl: Is the window to set the permissions comes from the app as being the server installed on the host machine? If that is that means we don't approve clients that are connecting. Is that correct? |
|
I've thought of other ideas, but they require other things. The best thing for now seems indeed to be able to pre-configure portal permissions. Here are relevant issues: |
Operating System
KDE Linux
XDG Desktop Portal version
1.18
XDG Desktop Portal version (Other)
No response
Desktop Environment
KDE
Desktop Environment (Other)
No response
Expected Behavior
Downstream in KDE there are some use cases for loosening the access controls for host applications. The trouble is we currently can't tell if an application is host or flatpak or snap. We obviously wouldn't want to change anything for the sandboxes. To that end maybe it'd make sense to somehow expose a
kindfield that describes host|flatpak|snap. Or possibly even more of the metadata collected in xdp_app_info_from_*?Current Behavior
Currently we don't know if an application is host or not.
Steps to Reproduce
Not applicable
Anything else we should know?
e.g. Consider an advanced user who is SSHing into their home system and wants to setup RDP so they can get to their desktop. It makes little sense for the rdpserver that is already running with host access to require an interactive authorization prompt. A notification that someone has connected seems more appropriate.
Or a gaming application that is installed in host scope and uses the remote-desktop facilities to stream games. When you are on the couch and want to game, the auth prompt isn't necessarily interactable.
The text was updated successfully, but these errors were encountered: