From fe3954ff63f0cafc70fd79c8aeac24d4a7ba85e6 Mon Sep 17 00:00:00 2001
From: Simon McVittie
Date: Sun, 16 Jan 2022 12:38:25 +0000
Subject: [PATCH] run, override: Clarify the effect of --nofilesystem

There are two reasonable interpretations for --nofilesystem=home: either it revokes a previous --filesystem=home (as in Flatpak 1.12.2 and older versions), or it completely forbids access to the home directory (as in Flatpak 1.12.3).

Clarify the man pages to indicate that it only revokes a previous --filesystem=home. This will hopefully reduce mismatches between the design and what users expect to happen, as in flatpak#4654.

A subsequent commit will introduce a way to get the Flatpak 1.12.3 behaviour in a way that is more backwards-compatible with Flatpak 1.12.2 and older versions.

Signed-off-by: Simon McVittie
(cherry picked from commit 7bbeed2b87b84d6d94006e25418b7f89a7784fdb)
---
 doc/flatpak-override.xml | 28 +++++++++++++++++++++++-----
 doc/flatpak-run.xml      | 26 +++++++++++++++++++++-----
 2 files changed, 44 insertions(+), 10 deletions(-)

diff --git a/doc/flatpak-override.xml b/doc/flatpak-override.xml
index 306026cb6..acf9a1fe9 100644
--- a/doc/flatpak-override.xml
+++ b/doc/flatpak-override.xml
@@ -219,13 +219,31 @@ - Remove access to the specified subset of the filesystem from - the application. This overrides to the Context section from the + Undo the effect of a previous + FILESYSTEM + in the app's manifest or a lower-precedence layer of + overrides, and/or remove a previous + FILESYSTEM + from this layer of overrides. + This overrides the Context section of the application metadata. - FILESYSTEM can be one of: home, host, host-os, host-etc, xdg-desktop, xdg-documents, xdg-download, - xdg-music, xdg-pictures, xdg-public-share, xdg-templates, xdg-videos, - an absolute path, or a homedir-relative path like ~/dir. + FILESYSTEM can take the same + values as for , but the + :ro and + :create suffixes are not + used here. This option can be used multiple times. + + This option does not prevent access to a more + narrowly-scoped . + For example, if an application has the equivalent of + in + its manifest or as a system-wide override, and + flatpak override --user --nofilesystem=home + as a per-user override, then it will be prevented from + accessing most of the home directory, but it will still + be allowed to access + $XDG_CONFIG_HOME/MyApp. diff --git a/doc/flatpak-run.xml b/doc/flatpak-run.xml index 28e7f599a..3f917b603 100644 --- a/doc/flatpak-run.xml +++ b/doc/flatpak-run.xml 
@@ -366,13 +366,29 @@ - Remove access to the specified subset of the filesystem from - the application. This overrides to the Context section from the + Undo the effect of a previous + FILESYSTEM + in the app's manifest and/or the overrides set up with + flatpak-override1. + This overrides the Context section of the application metadata. - FILESYSTEM can be one of: home, host, host-os, host-etc, xdg-desktop, xdg-documents, xdg-download, - xdg-music, xdg-pictures, xdg-public-share, xdg-templates, xdg-videos, - an absolute path, or a homedir-relative path like ~/dir. + FILESYSTEM can take the same + values as for , but the + :ro and + :create suffixes are not + used here. This option can be used multiple times. + + This option does not prevent access to a more + narrowly-scoped . + For example, if an application has the equivalent of + in + its manifest or as a system-wide override, and + flatpak override --user --nofilesystem=home + as a per-user override, then it will be prevented from + accessing most of the home directory, but it will still + be allowed to access + $XDG_CONFIG_HOME/MyApp.
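Review bot: in the flatpak-override.xml hunk, the new wording still leaves the key limitation implicit: the sentence "This option does not prevent access to a more narrowly-scoped" grant only appears after the example, and nothing states that `--nofilesystem=home` has no effect at all when no broader `--filesystem=home` was granted at a lower-precedence layer or earlier in this layer. Since the commit message cites flatpak#4654 as exactly this design-versus-expectation mismatch, readers of this paragraph are the ones most likely to treat the option as a denylist, so it is worth saying in the first sentence that it only undoes an earlier grant and is not a way to forbid access. The phrase "prevented from accessing most of the home directory" would also read more clearly if it said why it is "most", i.e. that narrower grants such as `$XDG_CONFIG_HOME/MyApp` survive.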
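Review bot: the example in the flatpak-run.xml hunk illustrates `flatpak override --user --nofilesystem=home` "as a per-user override", which appears to have been carried over verbatim from flatpak-override.xml; on the flatpak run page the option being documented is the one passed to `flatpak run`, so the example should show `flatpak run --nofilesystem=home` and describe the outcome in terms of that invocation (which, per the hunk's new first sentence, undoes grants from both the manifest and the layers set up with flatpak-override(1)). As written, the paragraph explains a different command than the one the section covers.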