Code review comment for lp:~michihenning/unity-scopes-api/scope-cache-dir

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

> > Following up on this:
> >
> > > - I'm questioning the wisdom of what I suggested above. It seems that the
> > > registry is forced to do a lot more than it should have to
> >
> > How is this going to work for apps? I expect that applications also will
> need
> > a writable area in the file system somewhere. How do apps find out where
> they
> > can write their files?
>
> https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement but
> iiuic Qt itself was patched to build the directory based on a few envvars. Imo
> we should just do the same, afterall the path has to be "prefix + scope_id",
> and the prefix can be passed as an envvar - it's not like a single process can
> be both unconfined and leaf-net at the same time.

The app toolkits all understand XDG We make sure all the XDG directories are set correctly to *system* values, not app-specific values. Then have the app declare its applicationName. The toolkits all known how to known to append applicationName to the XDG directories (this is standard practice going back years and years). Applications can then use QStandardPath to query for these values.

As mentioned, apps are quite different than scopes and there is no concept of 'an app has wide filesystem/data access but no network access). All apps are assumed that they may have networking and therefore all apps are very tightly confined wrt filesystem/data access, so there is no need draw a distinction between app templates like we are for scope templates.

We can use the same idea for scopes though-- just like applications declare their applicationName in their QML and that adjusts their application directories, scopes can declare in their .ini file what scope type they are which will adjust their writable scope directory.

« Back to merge proposal