cross-posted from: https://lemmy.ndlug.org/post/1104312

The upcoming Ubuntu 24.10 operating system promises a new feature called “permissions prompting” for an extra layer of privacy and security.

The new permissions prompting feature in Ubuntu will let users control, manage, and understand the behavior of apps running on their machines. It leverages Ubuntu’s AppArmor implementation and enables fine-grained access control over unmodified binaries without having to change the app’s source code.

From Ubuntu Discourse: Ubuntu Desktop’s 24.10 Dev Cycle - Part 5: Introducing Permissions Prompting

This solution consists of two new seeded components in Ubuntu 24.10, prompting-client and desktop-security-center alongside deeper changes to snapd and AppArmor available in the upcoming snapd 2.65. The first is a new prompting client (built in Flutter) that surfaces the prompt requests from the application via snapd. The second is our new Security Center:

In this release the Security Center is the home for managing your prompt rules, over time we will expand its functionality to cover additional security-related settings for your desktop such as encryption management and firewall control.

With prompting enabled, an application that has access to the home interface in its AppArmor profile will trigger a request to snapd to ask the user for more granular permissions at the moment of access:

As a result, users now have direct control over the specific directories and file paths an application has access to, as well its duration. The results of prompts are then stored in snapd so they can be queried and managed by the user via the Security Center.

  • JubilantJaguar@lemmy.world
    link
    fedilink
    arrow-up
    3
    ·
    1 month ago

    XDG Desktop Portals as a standardised way for applications to access resources that are outside of the sandbox

    It is designed to enable desktop applications to take full advantage of snap packaging

    So all this only affects Snap apps, is that correct?

    • pnutzh4x0rOPA
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 month ago

      Yes, based on the diagrams on their blog, it looks like this only impacts Snaps.