I’m trying to execute a system command, for example with os.system('wl-copy "some-string"') in Python. When building with flatpak, my program is unable to find the program wl-copy, because it’s installed on the host system, and my program is sandboxed.
I’ve tried adding --filesystem=host to the finish-args in the flatpak manifest, but as I learned here, the /usr directory where the program lives is blacklisted.
I then came across the concept of “flatpak portals”, which seems to be in the right direction, but I don’t see any documentation on how to implement them in a GTK+ program, and I need my program to be able to execute any arbitrary system command, as a link handler can be specified by the user in a settings dialog.
With flatpaks, programs or libraries that are used by your main program are expected to be included in your manifest, or present in the flatpak runtime you’re using. So you’ll need to build wl-copy as part of your modules in the flatpak manifest.
There is a way to run an arbitrary program present on the host, which is to use flatpak-spawn --host and to add --talk-name=org.freedesktop.Flatpak to your finish-args. But that defeats all the point of the flatpak sandbox, since here it basically makes it unsandboxed. This should only be used for programs that really can’t do without being unsandboxed, like IDE or terminals, so it’s better for you case to build wl-copy as part of your flatpak manifest.
Thanks for the reply! Yeah, I’m aware of the contradiction, it’s just because flatpak is the recommended distribution method for mobile apps (Mobian, Manjaro ARM, etc.).
The reason for this is that I want to let users specify a video player that my program will use to play video streams. You think there is a better way of doing this than allowing any arbitrary system command to be executed?
Just open it with your toolkit’s URI opening function, i.e. Gtk – 3.0. It’ll choose the appropriate application set by the user to open the given file (by looking at its MIME type or with the URI scheme), which will be the one set as default in Settings. When GTK detects it’s running in a flatpak, it’ll use the flatpak portal to do this work of finding the appropriate app and launching it (while keeping a safe sandbox).
Thanks! I learned a lot from just that one link. It seems I’ll have to embed a video player instead, as some video URLs are too obfuscated to be recognised, but that’s fine.