Unable to access all filesystem folders in /home/user/ (fedora 41)
-
I'm running fedora 41 & I can't seem to get Vivaldi to access certain folders/files via file:///
If I have an html file in my /home/nigel/Downloads folder, it loads up just fine.
file:///home/nigel/Downloads/site/curated.html
If I have the same file in my /home/nigel/Documents folder, it does not. Instead it creates, what I assume, is a virtual location for it. That means that any dependencies (css, etc) are missing, so it won't load correctly.
file:///run/user/1000/doc/36e9d42a/curated.html
This is further backed up by inputing
file:///
And browsing the local filesystem. This is what it can see in my home folder (clearly not everything).
.config/ .local/ .pki/ .var/ Desktop/ Downloads/ Pictures/
To check, I used Firefox and it all works as expected regarding file/folder access.
I'm at a loss as to what the problem is; any ideas?
(Context: I'm using emacs with org files to generate a local website/folder as a knowledge-base. So viewing local .html files is kind of important!)
My Vivaldi details
Vivaldi 7.0.3495.29 (Stable channel) (64-bit) Revision 18bbc2b7565cf107af33fb827c768ebf6028cf18 OS Linux JavaScript V8 13.0.245.25 User Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Command Line /app/vivaldi/vivaldi --enable-features=WebRTCPipeWireCapturer --disable-features=WebAssemblyTrapHandler,DesktopPWAsRunOnOsLogin --class=Vivaldi-flatpak --no-default-browser-check --flag-switches-begin --flag-switches-end --save-page-as-mhtml Executable Path /app/vivaldi/vivaldi Profile Path /home/nigel/.var/app/com.vivaldi.Vivaldi/config/vivaldi/Default
-
@CarbonWriter I think Vivaldi Flatpak has some restriction (sandbox) to access folders.
Or could be some Linux security SELinux or apparmor related.Check syslog for apparmor entries when Vivaldi tries to access folder.
But i can not tell more because i do not work with Fedora.
This below could be a workaround:
@Ruarí said in SOLVED - Stuck at version 6.9, if I update Vivaldi will not open anymore.:I have a theory. Issue this to make an apparmor rule that allows Vivaldi to use namespace support for sandboxing.
Tripple click to select the entire line then paste it in your terminal. It will need your sudo password to write the file and restart apparmor:
printf 'abi <abi/4.0>,\ninclude <tunables/global>\nprofile vivaldi-sandbox /opt/vivaldi*/vivaldi-bin flags=(unconfined) {userns,}\n' | sudo tee /etc/apparmor.d/vivaldi-sandbox >/dev/null && sudo systemctl restart apparmor.service
-
@DoctorG OK, thanks for the heads up. I'm pretty sure it's SELinux that's doing its thing.
Guess I know what I'll be reading up on for a while...
If I discover anything significant, I'll reply to this post.
-
@DoctorG Well now I know a heck of a lot about SELinux (which is super cool). However, I think it's actually a flatpak thing, as you hinted at. All flatpaks run in a sandbox, where the required access has to be requested/stated. I've found the metadata file in the Vivaldi flatpak that details this, and it appears to match what I've experienced. So that explains it all.
Next step is to work out the (correct) way to change it. I'm sure I can hack the metadata file itself
(here)/var/lib/flatpak/app/com.vivaldi.Vivaldi/current/active/metadata
... but not at all sure if that's the correct thing to do... (more reading!)
-
@CarbonWriter Why do you need to run flatpak at all? Flatpaks were made for Vivaldi after users who (for some reason) really really wanted it kept complaining.
They're meant for convenience and easy installation, not for users with "special needs".
And being allowed to open local HTML files is indeed "special".Just install it like you'd install other software, through your software repo.
-
@Pathduck I did install it via the Fedora 41 repo. Can't remember if there were multiple options for the source.
Also, opening local HTML files isn't exotic. I know it's not exotic because there's an easily accessible menu for it... And, ya know, file manager double click..
From a security point of view, sandboxes (and selinux) make perfect sense to me. I just wanted to tweak it.
I can (now) see what it's doing, and understand why it's doing it. I'm totally cool with working it out.
-
Resolved
It was a standard flatpak app configuration setting. In the filesystems= value in the Context section, it quite simply sets the permissions that it requires (as an application). (Like everything on fedora 41, these would be subject to SELinux, but in this case that wasn't an issue - I checked as part of my initial investigation).
I added the Documents folder in home, making sure I used the "xdg-documents" notation for it. That worked like a dream. I suspect that this file will be reset after each upgrade - I'll check on it.
In summary, it was a sensible flatpak setting/restriction, and in this case not an SELinux restriction. Here is the Context section, with my change being on the filesystems line.
File in question:/var/lib/flatpak/app/com.vivaldi.Vivaldi/current/active/metadata
[Application] name=com.vivaldi.Vivaldi runtime=org.freedesktop.Platform/x86_64/23.08 sdk=org.freedesktop.Sdk/x86_64/23.08 base=app/org.chromium.Chromium.BaseApp/x86_64/23.08 command=vivaldi required-flatpak=1.8.2 [Context] shared=network;ipc; sockets=x11;wayland;pulseaudio;pcsc;cups; devices=all; filesystems=~/.config/kioslaverc;~/.local/share/applications:create;/run/.heim_org.h5l.kcm-socket;~/.config/dconf:ro;xdg-download;xdg-run/dconf;xdg-pictures/Vivaldi Captures:create;xdg-desktop;xdg-documents;~/.local/share/icons:create;xdg-run/pipewire-0; persistent=.pki;
I'm not aware of a way to do this via the in-app settings; happy to be corrected.Scrap that
There is a standard way to modify the application permissions of flatpak installs, via the package manager. A button called "Configure Permissions ..." It's listed there.I'm guessing it ends up changing the same file, but it also is persistent across application updates.
The changes end up living here, which is why they remain persistent:/home/nigel/.local/share/flatpak/overrides/com.vivaldi.Vivaldi
(Hope this helps anyone who runs into the same issue/knowledge-gap!)