New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Device permission compatibility #5681
Comments
I agree with the concept, I think that would help moving forward. I might bikeshed the syntax but I'm not sure of anything better offhand. |
Added a small section about the syntax at the end of the description. |
In particular, anyone looking at implementing this should look at the implementation of |
Would it perhaps be better to design a syntax for which any app with a Flatpak >= 1.16.0 dependency will be able to stop specifying For example I could imagine that in future, we might want something like:
with the semantics being:
That way, as soon as an app is comfortable with adding a dependency on a Flatpak that is new enough to understand the |
The goal here is to not have to wait for "being comfortable to depend on a flatpak new enough". The policy of certain distros lead to a too long wait time to get newer version. The goal is that it works, albeit with broader permissions, with today flatpak, without user intervention. I like this idea of this fallback syntax, but I don't think the complexity is worth to have more than one fallback per device. It feels more verbose, but clearer of intent than my proposal. However the following:
wouldn't work on an old flatpak: it wouldn't know about any of the device and there would be none exposed. Now we could make it so that:
would do the same as above, but, because An older flatpak that doesn't understand the fallback syntax would just use Further we could make it less verbose:
The difference with above is the lack of |
I understand that, but I also don't want to still be carrying around 2024 workarounds in 2044 because there was no exit strategy for removing them. There has to be some point in the distant future at which app authors can rely on a new enough Flatpak.
Yes, that's what I thought - and then, eventually, perhaps in 2029 or 2034, app maintainers can drop the confusing
I think the meaning of this is not clear enough to a reader: it looks like a strange way to spell |
This provide compatibility to disable all devices when there is new device option Fixes flatpak#5681 Signed-off-by: Hubert Figuière <[email protected]>
This provide compatibility to disable all devices when there is new device option. A fallback device is specified like `input,all`. This mean that if it knows about `input` this indicate that `all` as a separate device will be removed to narrow down the permissions. Fixes flatpak#5681 Signed-off-by: Hubert Figuière <[email protected]>
This provide compatibility to disable all devices when there is new device option. A fallback device is specified like `input,all`. This mean that if it knows about `input` this indicate that `all` as a separate device will be removed to narrow down the permissions. Fixes flatpak#5681 Signed-off-by: Hubert Figuière <[email protected]>
This provide compatibility to disable all devices when there is new device option. A fallback device is specified like `input,all`. This mean that if it knows about `input` this indicate that `all` as a separate device will be removed to narrow down the permissions. Fixes flatpak#5681 Signed-off-by: Hubert Figuière <[email protected]>
This provide compatibility to disable all devices when there is new device option. A fallback device is specified like `input,all`. This mean that if it knows about `input` this indicate that `all` as a separate device will be removed to narrow down the permissions. Fixes flatpak#5681 Signed-off-by: Hubert Figuière <[email protected]>
This provide compatibility to disable all devices when there is new device option. A fallback device is specified like `input,all`. This mean that if it knows about `input` this indicate that `all` as a separate device will be removed to narrow down the permissions. Fixes flatpak#5681 Signed-off-by: Hubert Figuière <[email protected]>
This provide compatibility to disable all devices when there is new device option. A fallback device is specified like `input,all`. This mean that if it knows about `input` this indicate that `all` as a separate device will be removed to narrow down the permissions. Fixes flatpak#5681 Signed-off-by: Hubert Figuière <[email protected]>
This provide compatibility to disable all devices when there is new device option. A fallback device is specified like `fallback:input,all`. This mean that if it knows about `input` this indicate that `all` as a separate device will be removed to narrow down the permissions. Fixes flatpak#5681 Signed-off-by: Hubert Figuière <[email protected]>
Checklist
Suggestion
Related issues #4405 (PR #5620) #5524 #5481
We want to add permissions for device categories.
As of now we have
dri
,kvm
,shm
,all
, and the recently addedinput
(see #5481). The latter is why I'm filing this.Device
all
is used in a lot of situations when needed access to input devices (game controllers), USB (see #5620 for that part) etc.input
was added in #5481 but this mean that using--device=input
is only when flatpak 1.15.6 or later, which seriously limit its use. The only way to have this work out of the box is to add--device=all
which make the case of using--device=input
moot.Solution:
We should have a mechanism to allow the transition. Here is the proposal:
For compatibility purpose, the packager will indicate
device=input
, ignored by old flatpaks,device=all
understood by old flatpak, anddevice=not-all,input
to indicate newer flatpak thatall
should be ignored forinput
.Later, we add support for
usb
, then we would indicatedevice=not-all,usb,input
to disable the deviceall
for bothinput
and the just addedusb
.The importan part is the forward looking mechanism. Support for
device=not-all
is implemented the following way:device=not-all
always followed by comma separated devices. Example:device=not-all,input,usb
. The interpretation is: if for all the devices specified if flatpak knows about the device and it is specified the device=all is deselected.The behaviour of
dri
,kvm
,shm
is unchanged, BUT sepecifying--device=not-all
will require to specify them explicitely.Example:
flatpak < 1.15.6 (most distro)
Device: all ON, as it doesn't recognize anything but
all
.flatpak know
input
but notusb
:Device: all OFF
Device: all OFF, because
usb
is not specified.Device: all ON, because it doesn't know about USB devices so it needs to let them all.
flatpak know
input
andusb
:Device: all OFF. This is the forward compatibility.
Using
--device
should allow to not require to add anything toflatpak-builder
.While the options are presented as
finish-args
from the manifest the metadata form would luke this:About the syntax
The choice of comma
,
as a separator fits as the keyfile uses the semi-colon;
. So there is no conflict. It's a free form string because it allow just ignoring it if the flatpak version is too old.The choice of
not-all
seems to be clear. Someone suggestednot-all-if
. It can be considered if clearer.The text was updated successfully, but these errors were encountered: