File chooser dialog; permission for enire home folder or individual xdgs?

When publishing a flatpak application, developers need to specify which directories the app is going to have access to, this is done by adding the --filesystem argument in your flatpak manifest, these can be:

  • ‘home’, which gives access to the user’s home directory
  • ‘xdg-something’, which gives access to specific XDG folder (such as user’s Downloads and Documents)
  • Others, see docs

This has direct consequences with file choosing dialogs (such as GtkFileChooser), where the user will have limited directory access, this can be annoying with applications such as Discord only allowing access to Downloads and Pictures folders, but is completely understandable from a privacy/security point of view (you don’t want apps reading your bash history :P[or messing your config files more importantly!]).

While thinking about this, I came to the conclusion that a middle ground between security and ease of use would be enabling all or most XDG directories (such as Desktop, Videos, Pictures, Downloads and etc…) without enabling ‘home’ access, this way configuration files will be safe while the user will have an enjoyable experience saving and selecting files/folders. That, however, might not be what users prefer, e. g. I use fonts on a website project I’m working on, the project is saved under ~/Projects (which is not a XDG directory) and I’d like my font downloader program to save files directly there, unfortunately GtkFileChooser dialog won’t display that directory, I could technically ‘solve’ this by using flatpak override --filesystem=~/Projects, but users might not know this/want to do this.


TL;DR What do you personally think is a better option for applications that use file chooser dialogs: Entire home folder access or only most relevant XDG directories?

1 Like