Firefox installed as Snap should make clear it's sandboxed when using file:///
Categories
(Core :: Networking: File, defect, P2)
Tracking
()
People
(Reporter: sven, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [necko-triaged])
The Snap version of Firefox on Linux does not have full access to the host filesystem. This can lead to rather confusing behaviour, e.g. when you want to open a file from the command line using firefox /path/to/file.html
, Firefox may not be able to access that file, or may even show a different content for the file than you are seeing in the terminal.
When browsing directories, there is no indication whether the directory you are looking at is from the host filesystem or the sandbox. On my machine (Ubuntu 23.04), /usr/share/doc appears to come from the host filesystem, while /usr/lib appears to be from the sandbox. It would be nice to be given some indication what I'm looking at when browsing local files and directories.
Comment 1•1 year ago
|
||
UI would probably have to appear in the directory listing interface, so moving to the network component for that, and linking up with the snap metabug.
Comment 2•1 year ago
|
||
we dont control the UI, it's part of XDG Desktop Portal, so I dont know what we can do.
Comment 3•1 year ago
|
||
(In reply to Alexandre LISSY :gerard-majax from comment #2)
we dont control the UI, it's part of XDG Desktop Portal, so I dont know what we can do.
We control file
directory listings inside the browser.
Comment 4•1 year ago
|
||
(In reply to :Gijs (he/him) from comment #3)
(In reply to Alexandre LISSY :gerard-majax from comment #2)
we dont control the UI, it's part of XDG Desktop Portal, so I dont know what we can do.
We control
file
directory listings inside the browser.
Not sure what you are relating to with file
?
Updated•1 year ago
|
Comment 5•1 year ago
•
|
||
So, the directory index is generated from nsDirectoryIndexStream.cpp and that stream is parsed into a web page by nsIndexedToHTML.cpp
I'm not sure exactly how we can differentiate between files in the sandbox and files outside the sandbox.
@Sven, do you know if there's an API for that?
Reporter | ||
Comment 6•1 year ago
|
||
:valentin, sorry, I don't know anything about this. I suspect the filesystem sandboxing is implemented using Linux mount namespaces, and I don't think Linux will be very forthcoming when answering the question "Is this directory loop-mounted from the host fs?" You probably need to ask someone who knows how snaps work.
If it's not feasible to figure out whether a particular directory comes from the host or the sandbox, we could at least add a message that the directory listing might come from he sandbox whenever we detect that we are running inside a snap sandbox.
For what it's worth, you can run a shell inside the sandbox using snap run --shell firefox.firefox
on a Linux box with the Snap installed.
Description
•