[sane-devel] Sandboxing scanner applications
Alexander Pevzner
pzz at apevzner.com
Fri Sep 18 16:22:33 BST 2020
On 9/18/20 6:01 PM, Bastien Nocera wrote:
> So the application inside the sandbox would ship with sane-airscan
> backend, and use this protocol, over the network, to communicate with
> the fake "airscan" scanner running outside the sandbox, right?
Over loopback in most cases.
> Having every scanner application access the network is going to be a
> problem, much like having to punch a network hole to get full CUPS
> access is a problem right now. Is there going to be another transport?
AFAIK, loopback is not usually protected by a firewall.
Using the TCP/IP stack instead of AF_UNIX sockets has the advantage of
allowing the use of the Avahi daemon for local discovery of present devices.
With an alternative transport, some alternative discovery method should be
designed and implemented.
> Note, I said authorisation, not authentication. "Authorisation" is when
> the user chooses to allow or disallow access by the application. It's
> the method, coupled with user intent, used by Flatpak portals to check
> whether an application is allowed to use a particular resource outside
> the sandbox.
Neither I nor Till seems to be familiar with Flatpak, so I would
appreciate it if you could provide a bit more detailed explanation of how
things are expected to work.
1. There is a "Scanner Application", backed by the SANE stack, which has
physical access to the scanner, running in the isolated Flatpak environment
2. There is some Client program, that wants to scan (for example, xsane
or simple-scan, or even libreoffice). It may or may not be running in a
sandbox
Who and in which terms will allow access of (2) to (1)?
--
Wishes, Alexander Pevzner (pzz at apevzner.com)