List of applications affected by SailJail

Seems it is broken on 4.4, but unrelated to SailJail.

1 Like

You probably shouldn’t “repair” it.
Either put a symlink where it is accessible, e.g. in Music straight to your music on the sd card.
Maybe even talk to the author about better integration of music on sd-cards, or better yet contribute to the project.

Call Recorder doesn’t open after the Vanha Rauma update, unless you add the sandboxing=disabled line. It is available off of Storeman

A symlink in ~/Music is visible and works. Thank you much! A symlink in /home/defaultuser/ is not visible. Therefore I asked. Some other directories in ~/ also are not visible.

Yes, you are right. I tried to install the SDK a few weeks ago and failed, but I will try again.

That is intended functionality.
Only some subdirectories there are allowed/allowable.

If only one could be so certain. We have a bunch of stuff in: /home/defaultuser/.local/share/system/privileged/ which can’t be accessed ‘normally’, but also have unencrypted email passwords in an sqlite database. Sometimes, I fear, design fell by the wayside. snipe, snipe.

Still, what do you mean by ‘allowable’? Or are you just referring to the default behaviour related to UserDirs? I ask because of what appears to be some amazing jailbreaking one can do with python httpserver … ServiceWorker in Webview apps - #7 by poetaster …but I’m still just testing… (which leads to spilled milk, organ transplants, tears and the gnashing of teeth.)

I don’t know, I have the same issue as you and my playlist doesn’t save when I close the app.
I’ve tried editing the .desktop file, but it doesn’t work

In the simplest version of the issue; certain files and folders not being available, that is very much the intention. Of that i think we can both be certain.
Yes, the privileged concept is older afaik and does its job from what i can tell. The problem is that it only more or less solves it for the built-in apps. For things that are more “regular Linux” SailJail is probably the way to go, or the patching and forking would see no end to get it up to the same level.
And then there is the age-old discussion of whitelist vs blacklist… allow or deny by default. Overall i’d say the SailJail introduction has gone pretty smoothly.

I don’t see the problem of plaintext passwords in a database, as long as it has proper access permissions. Any encryption key in use here (short of some TPM or Secure Enclave scheme) would just be security by obscurity, and we all know that is no good.

But by all means, do highlight broken stuff… i just haven’t seen anything particularly flagrant.

Yes, just referring to how the file access permissions works.
Not sure i follow the issue you link; the config directory for the current app should be open for it to do whatever with.

I’m just unhappy that a user cannot use an application to access, for instance, the calendar database without breaking both the privilege scheme and/or sailjail. But I’m a bit stuck on the issue at the moment.

I disagree. For my part, I went in 100%. And it’s been fairly painless. But I see a lot of workarounds here which undermine the very thing we’re trying to accomplish, which is application isolation. But, I’m probably exaggerating

It’s not difficult to hash passwords. I don’t see anyone NOT hashing passwords in any application I maintain (I mean day job, server). But then, I get a lot of you’ve been pwned mail for my users …

That’s what I mean with still testing. I’m fairly certain I can go beyond the applications directory. I’ll get back to that.

Certainly not, and of course it should be done where possible. But the thing, afaik, here is that this is password storage to make the passwords usable by the application; sort of like in a rudimentary password manager.
(As opposed to storage of a hash for checking against, or storage of oauth tokens - which i understood was done where possible).

Come to think of it; these should probably move to Sailfish Secrets, but short of that any other measures are just window-dressing as i understand it.

Bingo. That seems like not so much effort? It just surprised me that it wasn’t already in Secrets.

I guess one issue is that Accounts are background things, and the Secrets flow is foreground/app-oriented. Another couple of secrets dialogs after lock code and pin at boot-up would seem a little much…
But let’s round this tangent off here maybe and pick it up somewhere/-time else?

Yes, right you are. Off to install deadbeef :slight_smile:

1 Like

Did you try

[X-Sailjail]
Sandboxing=Disabled

That worked for me with your build. Even remembers the position in the last track on restart.

1 Like

As I said before, when I add:

to desktop file, app disappeared from the app grid.
I’ve removed deadbeef, done a clean install and edited the desktop file again. I’ve noticed that a space is added to the end of “Icon=deadbeef-silica” and that was the reason that the app was missing :woman_facepalming: I removed it and deadbeef-silica is in my app grid, and it works fine!!

2 Likes
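
An added example, not part of any post in this thread: a small Python check that reads the text of a .desktop file, flags trailing whitespace after a value (the cause of the missing app above) and reports a Sandboxing=Disabled opt-out in the [X-Sailjail] section, so apps running without isolation can be listed. The sample entry is constructed, and its Name and Exec values are placeholders.

```python
# Constructed sample entry. Only the Icon value and the [X-Sailjail] lines
# come from the thread; Name and Exec are placeholders.
SAMPLE = "\n".join([
    "[Desktop Entry]",
    "Type=Application",
    "Name=Example Player",
    "Icon=deadbeef-silica ",   # trailing space, as described in the post above
    "Exec=example-player",
    "",
    "[X-Sailjail]",
    "Sandboxing=Disabled",
]) + "\n"


def audit_desktop(text):
    """Return (sandboxing_disabled, findings) for one .desktop file's text."""
    findings = []
    section = None
    sandboxing_disabled = False
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw.lstrip().startswith("["):
            header = raw.strip()
            section = header[1:-1] if header.endswith("]") else None
            if section is None:
                findings.append((lineno, "malformed section header"))
            continue
        key, sep, value = raw.partition("=")
        if not sep:
            findings.append((lineno, "line is not key=value"))
            continue
        key = key.strip()
        if value != value.rstrip():
            findings.append((lineno, "trailing whitespace after %s value" % key))
        # Assumption: the value is matched case-insensitively so that the
        # audit errs towards flagging an entry.
        if section == "X-Sailjail" and key == "Sandboxing":
            if value.strip().lower() == "disabled":
                sandboxing_disabled = True
                findings.append((lineno, "sandbox opt-out: app runs outside SailJail"))
    return sandboxing_disabled, findings


if __name__ == "__main__":
    disabled, results = audit_desktop(SAMPLE)
    for lineno, message in results:
        print("line %d: %s" % (lineno, message))
    print("sandboxing disabled:", disabled)
```
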

Yeah! I was hoping not to have to get into the source. At about 1050 in deadbeef’s main it gets hairy with the conf and cache directory handling :slight_smile:

So, finally, for normal people, what is the best way to access the DBs in this dir?
I mean e.g. for accessing the contacts or calendar DBs with scripts?

@dcaliste , on vacation I believe, is the person to answer that. What I’ve been doing is in the c++ context and ‘against the rules’. If I was to script something, I’d probably resort to root. Are you doing something on a regular interval or with some kind of a trigger? Could become a systemd cron like job?

EDIT, I just see you have another thread open for this. I’ll head there.

1 Like

Now I found out how to create, save and load playlists. DeadBeef forgets the current playlist on close and starts always with an empty playlist. So I have to save the current playlist manually before closing DeadBeef, if it is a new one and if I want to resume it at next starting time of the app.

I was unable to install the deadbeef silica at rpm at all on my XperiaX 4.4.0.58

Is there a method/secret hidden in this thread?