Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Should notifications permission be granted automatically for the Flatpak package? #6

Open
azymohliad opened this issue Feb 11, 2023 · 7 comments

Comments

@azymohliad
Copy link
Owner

The notifications forwarding feature requires full D-Bus session bus access. Currently, the permission for the Flatpak package needs to be granted manually, otherwise notifications forwarding won't work. This can be done via Flatseal, or using the following command:

flatpak override --socket=session-bus io.gitlab.azymohliad.WatchMate

Technically, this gives WatchMate access to sniff all user-level IPC on D-Bus (non-sandboxed software can do it anyway of course). Reasonably, Flathub doesn't normally allow it. Unfortunately, there seems to be no other way to implement this feature than via D-Bus monitor, and other PineTime companion apps on Linux do it the same way.

I could ask for an exception for WatchMate on Flathub to declare this permission (they have a system for it).

The question is, would you as a user prefer to leave it opt-in and explicit, or would you rather not bother and have it working out-of-the-box? I much prefer the idea of granting such a strong permissions manually, but I'm not sure how much inconvenience it brings.

I will keep this issue open for a while to give enough time to gather opinions.

P.S. To give more details on the current implementation, it uses org.freedesktop.DBus.Monitoring.BecomeMonitor to listen what other processes send via org.freedesktop.Notifications.Notify call. If you know any better way to do it with Freedesktop API that wouldn't require such a coarse-grained permission, please let me know! This would be the best option.

@azymohliad azymohliad changed the title Should the permission for notifications be granted automatically for the Flatpak package? Should notifications permission be granted automatically for the Flatpak package? Feb 11, 2023
@GeckoEidechse
Copy link

At the very least the notification that pops up when trying to enabled notifications should give the user some piece of information (e.g. a link to this issue) on how to enable D-Bus session bus access. Otherwise someone not familiar with Flatpak sandboxing has no idea how to enable said access themselves ^^

image

@azymohliad
Copy link
Owner Author

At the very least the notification that pops up when trying to enabled notifications should give the user some piece of information (e.g. a link to this issue) on how to enable D-Bus session bus access. Otherwise someone not familiar with Flatpak sandboxing has no idea how to enable said access themselves ^^

Thank you, that's a very good point. The longer message didn't work well with these popups in my tests (it would be trimmed if it doesn't fit, and on the phone there's no option to just increase the window width). But I can indeed add a button with a link here.

@azymohliad
Copy link
Owner Author

I see many upvotes to the suggestion above, so I think I should prioritize this and release v0.4.2 as soon as it's ready.

The reason it's not done yet is that it requires a bit more changes than I expected.

@azymohliad
Copy link
Owner Author

Just published v0.4.2 with less confusing pop-up, linking to this issue. Should be available on flathub in a few hours.
image

@minacode
Copy link

I guess you could implement the needed command behind a second "Allow"-button for more convenience.

@azymohliad
Copy link
Owner Author

I guess you could implement the needed command behind a second "Allow"-button for more convenience.

Thanks for the input. If I understand you correctly, that wouldn't work, as the command would be running from the same sandbox. And I mean generally, if sandboxed apps were able to change their own privileges it would defeat the purpose of sandboxing.

I guess the convenience option could be the button to launch Flatseal if it's installed. But I guess it's not installed for many, and even if installed it'd still require extra steps from a user (probably, including reading this issue), so this way it's probably not even worth the space on the pop-up.

I might be exaggerating the concern here. I think eventually if nobody else voices their preference to keep it opt-in, I'll just apply for an exception with Flathub to enable it by default.

@jmevel
Copy link

jmevel commented May 22, 2023

Hi!
New Linux user here (migrated from Windows 2 weeks ago).
I just arrived on this ticket by clicking on the Details button in the error message.

I've actually learnt about Flatpak and Flatseal very quickly after I installed Fedora on my machine (we can even configure Flatpak apps permissions on KDE through System Settings -> Personalization -> Applications -> Flatpak Permissions Settings -> WatchMate and then in the Advanced Permission section for the Session Bus Access checkbox).

I honestly would prefer to opt-in and manually activate the Session Bus Access.
One advantage of using Flatpak is to be able to sandbox applications and easily control what they can access to.
I wouldn't like to discover that an application has some default permissions that I never agreed to give. I feel much better doing it myself and understanding this is required by the notification feature.

If the Details button could point to a nice Readme section explaining how to control Flatpak apps permissions I think that would greatly benefit users who don't know yet how this works. It's just a matter of teaching them once, just like how we do on Android.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants