我在我的项目中使用了 flatpak-spawn –sandbox 作为沙箱来运行用户提供的nwjs代码,显然我需要将用户选择的目录暴露给子沙箱。
最初我使用xdg-portal+FileChooser来请求用户选择目录,这样的确会把目录暴露给我的app,在/run/user/1000/doc。
然后我尝试通过--sandbox-expose-path=参数来把文件暴露给子沙箱,但是不行。
我能想到的办法只有在app的权限中直接申请访问--filesystem=home,这会把用户所有的文件都提供给app,在~里面,也包括用户选择的目录,这时就能直接暴露给子沙箱
但是直接申请访问用户的整个家目录也不是什么好主意。有什么办法能解决这个问题吗?
I’m using
flatpak-spawn --sandboxas a sandbox in my project to run user-provided NWJS code. Obviously, I need to expose the user-selected directory to the sub-sandbox.Initially, I used
xdg-portal + FileChooserto request the user to select a directory, which did expose the directory to my app at/run/user/1000/doc.Then I tried exposing files to the sub-sandbox using the
--sandbox-expose-path=parameter, but that didn’t work.[Screenshot]
The only solution I can think of is to directly request access to the user’s entire home directory in the app’s permissions using
--filesystem=home. This would provide all of the user’s files to the app, including the user-selected directory in the~area, thus directly exposing them to the sub-sandbox.However, directly requesting access to the user’s entire home directory isn’t a good idea either. Is there any way to solve this problem?
Google Translate
