Draft: Thunderbird can open files in home (using portals)
The portal services xdg-desktop-portal and xdg-desktop-portal-gtk assume
that sandboxed applications which want to access files from outside the
sandbox are either run via flatpak or snap. To still be able to use them
we trick them to think that we're running in a flatpak. That requires
mounting a .flatpak-info
file to the root filesystem of the application.
We do that via a bwrap binding. Relevant parts of the xdg-desktop-portal
code:
- https://github.com/flatpak/xdg-desktop-portal/blob/d7cfc16a6dc11cb925116fe36c5ee23e7075849c/src/file-chooser.c#L120-L123
- https://github.com/flatpak/xdg-desktop-portal/blob/d7cfc16a6dc11cb925116fe36c5ee23e7075849c/src/xdp-utils.c#L466-L471
- https://github.com/flatpak/xdg-desktop-portal/blob/d7cfc16a6dc11cb925116fe36c5ee23e7075849c/src/xdp-utils.c#L819-L837
When this file exists, Thunderbird thinks that it's running in a flatpak, so it will try to use portals even when GTK_USE_PORTAL is not set.
Now that the portal service knows that we're running in a sandbox it
doesn't return the path selected by the user but a path below
/run/user/1000/doc
. We allow Thunderbird access to those in the AppArmor
profile.
To avoid that Thunderbird can access portal documents opened by other
applications we bind-mount /run/user/1000/doc/by-app/org.mozilla.Thunderbird
to /run/user/1000/doc
in the Thunderbird sandbox. That's the same
flatpak does:
Closes #19592