Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I was under impression the backend has to implement all of the API to do that. Nice to know it's enough to have dbus service that listens to a single call. I might do this to replace file picker on my machine. It's still baffling however, how fork + exec <-> pipe can't be used for this. Especially considering that under all that dbus cruft the PoC essentially does this: https://github.com/ranchester2/nautilus-as-file-chooser-poc/...


Using fork and exec with a pipe is not going to work within a sandbox. That "cruft" is necessary for the thing to work...


I get why they invented this for flatpak (Even though it still could be done with processes and namespaces), but my original point was wondering why they did not originally use fork, exec and pipe.


Because the goal was to make an API that works the same both inside the sandbox and outside the sandbox. Edit: It wouldn't work with just processes and namespaces because you need a way to talk to a resource with a privilege level above the current mount namespace.


Right, the child process can't escape the sandbox. I guess IPC here is the only sane choice.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: