Why not refine AppArmor to allow access to the home directories but block access to all .dotfiles except for .tor and .tor-browser and .local/share/flatpak?
> # Allow read-write access to specified user directories
> owner @{HOME}/{Documents,Downloads,Music,Pictures,Videos,Persistent}/ rw,
> owner @{HOME}/{Documents,Downloads,Music,Pictures,Videos,Persistent}/** rwk,
> # Deny access to all hidden files and directories by default, with exceptions for .tor and .tor-browser
> deny owner @{HOME}/. w,
> deny owner @{HOME}/.** w,
> # Explicitly allow access to .tor and .tor-browser directories
> owner @{HOME}/.tor/ rw,
> owner @{HOME}/.tor/** rwk,
> owner @{HOME}/.tor-browser/ rw,
> owner @{HOME}/.tor-browser/** rwk,
If access to ~/.local/share/flatpak is needed for Flatpak:
> # Allow read-write access to .local/share/flatpak for Flatpak integration
> owner @{HOME}/.local/share/flatpak/ rw,
> owner @{HOME}/.local/share/flatpak/** rwk,
I understand it might be "safe" but why not go further?
On Jun 2, 2025 at 6:36 AM, anonym <anonym@???> wrote:
Hi!
On 01/06/2025 06.02, Ubadah Assaf via Tails-dev wrote:
> Files uploads not blocked from /home/amnesia/.local/share/Trash/ but /home/amnesia/.local/share/Trash/ is not available in browser.
>
> After showing hidden files viewable in GNOME Files. I was able to upload a .png that I deleted that was in Trash to a website.
>
> Was curious so this was a test but I'm not quite sure why AppArmor or whatever sandboxing isn't more fine tuned? Before I wasn't able to access my whole home folder nor the Persistent storage from the browser if I went to upload to a site?
This is intentional and safe. Since Tails 6.14.1 [0] Tor Browser
mediates that kind of filesystem access through XDG Desktop Portals [1].
Cheers!
[0] https://tails.net/news/version_6.14.1/
[1] https://flatpak.github.io/xdg-desktop-portal/
- Ubadah Assaf
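An added sketch (not part of the original message, and not Tails or AppArmor code) that models how the rules proposed above would be evaluated, assuming AppArmor's documented behaviour that a matching deny rule overrides allow rules regardless of order. The globbing is a simplified approximation, `decide` is a hypothetical helper, and the sample paths are constructed.

```python
import re

HOME = "/home/amnesia"  # home directory named in the thread
DIRS = "{Documents,Downloads,Music,Pictures,Videos,Persistent}"

# Rules as posted in the message: (is_deny, path glob, permissions).
RULES = [
    (False, "@{HOME}/" + DIRS + "/", "rw"),
    (False, "@{HOME}/" + DIRS + "/**", "rwk"),
    (True, "@{HOME}/.", "w"),
    (True, "@{HOME}/.**", "w"),
    (False, "@{HOME}/.tor/", "rw"),
    (False, "@{HOME}/.tor/**", "rwk"),
    (False, "@{HOME}/.tor-browser/", "rw"),
    (False, "@{HOME}/.tor-browser/**", "rwk"),
    (False, "@{HOME}/.local/share/flatpak/", "rw"),
    (False, "@{HOME}/.local/share/flatpak/**", "rwk"),
]

def glob_to_regex(glob):
    """Simplified AppArmor globbing: ** crosses '/', * does not, {a,b} alternates."""
    glob = glob.replace("@{HOME}", HOME)
    out, i = "", 0
    while i < len(glob):
        if glob.startswith("**", i):
            out, i = out + ".*", i + 2
        elif glob[i] == "*":
            out, i = out + "[^/]*", i + 1
        elif glob[i] == "{":
            end = glob.index("}", i)
            alts = glob[i + 1:end].split(",")
            out, i = out + "(?:" + "|".join(map(re.escape, alts)) + ")", end + 1
        else:
            out, i = out + re.escape(glob[i]), i + 1
    return re.compile(out)

def decide(path, perm):
    """Hypothetical helper: 'deny' (explicit), 'allow', or 'no rule' (implicit deny)."""
    hits = [is_deny for is_deny, glob, perms in RULES
            if perm in perms and glob_to_regex(glob).fullmatch(path)]
    if any(hits):
        return "deny"  # a matching deny overrides any allow, whatever the order
    return "allow" if hits else "no rule"

if __name__ == "__main__":
    # Constructed sample paths.
    for path, perm in [(HOME + "/.tor/state", "w"), (HOME + "/.tor/state", "r"),
                       (HOME + "/Documents/a.txt", "w"),
                       (HOME + "/.local/share/Trash/files/x.png", "r")]:
        print(perm, path, "->", decide(path, perm))
```

Under this model the `.tor`, `.tor-browser` and `.local/share/flatpak` allow rules never grant write access, because `deny owner @{HOME}/.** w,` also matches those paths. Since the deny rules list only `w`, reads of other dotfiles are decided by whatever other rules the profile contains.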