[sane-devel] Sandboxing scanner applications
Jörn-Ingo Weigert
jiweigert at gmail.com
Thu Sep 17 15:55:27 BST 2020
Got it.
Bastien Nocera <hadess at hadess.net> schrieb am Do., 17. Sep. 2020, 16:04:
> On Thu, 2020-09-17 at 15:38 +0200, Jörn-Ingo Weigert wrote:
> > Hi Bastian,nice idea. As SANE is already network capable to provide
> > connected scanners to the network,
> > (simply a network device) it make not really sense, to provide
> > sane(d) via Flatpak in my eyes.
>
> I have no plans on running saned inside the sandbox. It's about running
> a server on the outside of the sandbox, talking to the real hardware,
> so that applications don't need direct hardware access.
>
> > however, having SANE-based applications like XSane/ scan-image as
> > Flatpak version, maybe a nice idea.
>
> Most of them are blocking on having a scanner portal, which is what
> this is about. For example:
> https://github.com/flathub/flathub/pull/1111
>
> And paperwork needs access to all the devices, and ship its own sane-
> backends, which means it only works with the scanners supported by
> sane-backends:
> https://github.com/flathub/work.openpaper.Paperwork
>
> > But for this you don't need to modify saned. ...
>
> You need to, if you don't want saned listening on the network, being
> auto-activatable, and being able to add a portal/proxy in between so
> that scanner access is a changeable permission.
>
> We can't easily filter network calls, and most scanner apps don't need
> network access, so giving them network access opens the sandbox for no
> good reason.
>
> > Or do I miss here something?
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/sane-devel/attachments/20200917/ca1e7820/attachment.html>
More information about the sane-devel
mailing list