madaidan via Whonix Forum:
Most Debian packages aren’t autogenerating config files for every app on the system. I think it’d make sense to do this for sandbox-app-launcher because otherwise, there will be tons of leftover files.
I guess best compromise is “apt remove” not remove config files but “apt
purge” remove all.
I don’t think it should make much difference.
I speculate that APT running in sandbox will not be allowed to interact
with the user’s X.
It doesn’t matter what tty it’s on if it can see the X socket (/tmp/.X11-unix
).
When user is ruining “apt dist-upgrade” in virtual console tty1 while X
is unattended (tty7) it would be weird. apt started from tty1 would
result from popping up a GUI in tty7.
It might be better to make sandbox-app-launcher generate the config if it’s not there?
I don’t understand how that would be useful yet. Generate config with
“all yes” versus sandbox-app-launcher script internally assume “if there
is no config file, assume all yes” seems functionally be the same.
Trying to imagine future discussions / support requests. User asks
“which applications are covered by sandbox-app-launcher?” then indeed
these auto generated “all yes” config files would have a point.
“What are sandbox-app-launcher for applications in?” → “Review your
files in /etc/sandbox-app-launcher/ folder.” → Nothing there. Not great.
if ! [ -f "/etc/sandbox-app-launcher/${app_name}.conf" ]; then
/usr/share/sandbox-app-launcher/setup-permissions "${app_name}"
fi
Given my thoughts above, makes sense.
One thing: an autogenerated /etc/sandbox-app-launcher/${app_name}.conf
should indicate that it’s, well, autogenerated. Should add appropriate
comment. Also settings files chose by user and generated by config
script should point that out in comments accordingly.
This way, it doesn’t break non-interactive stuff
I wasn’t worried about non-interactive stuff as “no config = assume all
yes” would be simple to implement.
and it also doesn’t worsen security by assuming yes.
Yeah, functionally the same.