
Sailjail

Ruben De Smet requested to merge sailjail into master

Certain files and directories are protected on SailfishOS. This was done on < 4.0 using privileges (see !122 (merged)), and since 4.0 there's the experimental SailJail. I previously believed that we needed this, but the privileges system works perfectly fine. This MR serves as a demo of SailJail for WF.

Implements #400 (closed)

Sailfish 3.4 compatibility

~~This is the main issue. To enter the jail, we need to launch Whisperfish through /usr/bin/sailjail, which doesn't exist on 3.4. I see two options here: either the SailfishOS 3.4 community provides some sailjail-compat package, that just executes the arguments to /usr/bin/sailjail without actually jailing anything, or we provide two different Whisperfish versions that ship different .desktop files depending on < 3.4 vs >= 4.0. We can also (but holy 💩 that's ugly) make harbour-whisperfish a script that decides on whether to jail itself or not.

  • Decide on the compat strategy -> We go with a shell script for now, maybe transpose that into separate builds some day later.
  • Implement the compat strategy~~

Jolla did this for us in 4.4, hooray!

Jailing

  • Add the necessary permissions to the .desktop file
    • Still needs something to access pictures/gallery for sending attachments.
  • Start Whisperfish jailed
  • Remove privileges after !122 (merged) is merged (revert 96095c00)
  • If still relevant, make sure translatables for the custom permission(s) are there.
  • Figure out what happened to notifications.

Fix #400 (closed) #232 (closed) #231 (closed) #132 (closed)

/post_ci_links

Edited by Ruben De Smet
