List of application affected by SailJail

Ah, ok.
No idea if this makes sense: As Jolla has no AGPS solution any more since Mozilla thing was disabled, did they still think of allowing “location” to access internet?

The GPS device itself is not jailed, so does not need permissions for its use.

Thanks. Do you have a suggestion as to why gpsinfo does not work for me, then?

did update sailkick, did work before but with default permissions

1 Like

as of 4.4.0.58 upgrade, all my app are now broken (works if started from command line):

mem ! : app full broken, I’m trying to build an update, no luck so far, and since this app rely on several commands and check others publics directories it probably won’t be possible to make it compatible anymore.

muuzik! : no access to sdcard, might work by adding grand to desktop file

footo ! : same, no access to sdcard

EDIT : adding permissions don’t work, as suggested by throwaway69 I’m disabling sandbowing

You can try to replace ‘Permissions=…’ with ‘Sandboxing=Disabled’ in the .desktop file under [X-Sailjail] to disable sailjail completely if the granular permissions aren’t working for you

2 Likes

perfect ! You saved my day (and my apps ! ) one have to explain why this is not in the documentation !??!

as much I would like to comply with some new security rules that would mean the death of mem and muuzik (new build won’t even start if sandbowed) I already had to remove flac support for now

Thank you. It seems to work!
EDIT: I was a little too quick. On the next start of gpsinfo after an upgrade the .desktop file that I just edited was overwritten and the
Sandboxing=Disabled line was replaced with the Permissions line and once more it doesn’t work. I’ll try to do a chattr +i to prevent it from being overwritten after each upgrade.

well, well, well. If Sandboxing=Disabled make the apps work again, this doesn’t pass rpm validation therefore it won’t be allowed on the store making all my apps dead anyway.
I’ll try to explain it to the staff but I’m sure they will refuse and I’ll have no choose than removing Mem! and Muuzik! from the store

Yeah, it’s mostly a tweak for endusers whose openrepo apps misbehave, for harbour you’ll need to get the granular settings working (and probably only using the first list from https://github.com/sailfishos/sailjail-permissions#Permissions)
If your app isn’t working with the permissions jolla provided might be worth creating a bug report

1 Like

Put yor modified .desktop file in /etc/sailjail instead.

1 Like

What do you actually need that is outside the sandbox though?

Exactly! If you’re in the store now, sanboxing should be possible? I’ve managed to get all apps that I have in the store running with far less than full sandbox privs.

1 Like

So Deadbeef doesn’t work in 4.4 even after edit desktop file? I’m on 4.3 so before I will upgrade to 4.4, I tried if Deadbeef work with Sailjail. I don’t have sdcard but because I’m using device with community port I have some files in “android_storage” (/data/media/0/). I tried two methods:

  1. disabled Sailjail and it works normally
    [X-Sailjail]
    Sandboxing=Disabled
    OrganizationName=deadbeef
    ApplicationName=deadbeef

  2. with permissions and it works but have access only to files in home
    [X-Sailjail]
    Permissions=Audio;UserDirs
    OrganizationName=deadbeef
    ApplicationName=deadbeef

You could try to add ‘RemovableMedia’ maybe?
edit: if you’re just enduser just go with ‘Sandboxing=Disabled’ that seems to disable it completely so the app should work, no idea if the plan is to disable disabling in the future, but for now it’s mostly a worry for developers who want their apps in the harbour

It doesn’t work that well: I can use the app but playlists are always empty when I open the app. However, If I start deabeef from Terminal, last playlists is loaded.

Aargh! Sailfish gets so close to doing this nicely.
For applications without defined permissions, at application first run, up pops a dialogue offering the default permissions set. Which is nice. You can even tap on each permission to get a quick explanation.

But you can’t change them!

What would have been nice is for that dialogue to offer to
(1) Accept All
(2) Deny All
(3) Toggle the permissions individually that you want to allow, and then save that (in the desktop file)((which gives a challenge at application upgrade, but we can cross that bridge when we come to it.)).

Meanwhile, there is a whole raft of applications that have not been SailJailized, and probably never will be (:disappointed:), partly because they aren’t updated in the Jolla store e.g. Compass (llornkcor.com), RPNCalc (github.com/lainwir3d/sailfish-rpn-calculator). I wish I were better at coding and could resurrect some of these, but I can’t.

You can change them, but some functionality will break, having to edit a .desktop file to make your app behave weirdly is a fair price to pay, it is automatically tracking your permissions, running the app again with less permissions will not nag you and just remove the extra ones, adding anything extra will ask for your permission again, really comfy mechanism

Where is deabeef storing the data? ~/.config or ~/local/share ?

2 Likes

‘deadbeef’ folder is in ~/.config and playlists are stored there. However,there are ‘deadbeed-silica’ empty folders in ~/.config and ~/.local/share

1 Like