
Linux Sandbox Utils


SandboxUtils is a collection of utilities for accessing resources from within a Linux userland sandbox, through D-Bus. Ultimately, it will be made of:

  • a launcher that starts a D-Bus activatable GUI application in a sandbox with
  • a privileged server that exposes various APIs to said application and can grant it access to resources
  • APIs for displaying file choosing widgets and dialogs, through which users can express their desire to let apps use files
  • APIs to grant access to privileged Wayland operations based on the system and user’s configurations


Currently under heavy development and below alpha stage. Efforts focus on the server and an initial SandboxFileChooserDialog interface in lieu of GtkFileChooserDialog. See repository for code.


A file chooser dialog that is designed for sandboxed applications. This dialog aims to provide near feature parity with GTK+’s file chooser dialog. In contrast with GTK+, it provides fewer methods for actually displaying the dialog and, notably, it has explicit states:

  • Configuration: in which the application can prepare the dialog, set the type of action it performs, the folder it opens on, et cetera
  • Running: where the dialog is displayed, the app cannot touch it and the user may select files
  • Data retrieval: where the app may retrieve the names of files the user picked; only these files can be opened by the app

Besides, some things that were easy to do in the past become challenging with sandboxed apps. For instance, if your user omits a file extension when saving a file, you can no longer add it automatically before actually writing to the file system. Indeed, that’d mean you’re writing to a different path than the one specifically authorised by the user. To compensate for such discrepancies, SandboxFileChooserDialog provides you with extra API methods. For instance, we will propose a filename autocompletion subsystem that displays to the user the ways in which you intend to change the name they type, and will grant you access to the final name rather than the user-typed one.
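A small C model of the three states and of the filename completion described above, added here as an illustration: it is not SandboxUtils code, and every name in it (`dialog`, `dlg_configure`, `dlg_run`, `dlg_user_confirms`, `dlg_may_open`) is hypothetical. It assumes the app declares the extension it wants during configuration and that the server, not the app, computes the granted path.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical model; none of these names come from SandboxUtils. */
typedef enum { DLG_CONFIGURATION, DLG_RUNNING, DLG_DATA_RETRIEVAL } dlg_state;
typedef struct {
    dlg_state state;
    char folder[256];   /* folder the dialog opens on (set by the app) */
    char ext[16];       /* completion the app declares up front, e.g. ".txt" */
    char granted[512];  /* the only path the app may open afterwards */
} dialog;

/* App call: only accepted while the dialog is still being configured. */
int dlg_configure(dialog *d, const char *folder, const char *ext) {
    if (d->state != DLG_CONFIGURATION) return -1;
    if (strlen(folder) >= sizeof d->folder || strlen(ext) >= sizeof d->ext) return -1;
    strcpy(d->folder, folder);
    strcpy(d->ext, ext);
    return 0;
}

/* App call: shows the dialog; from here on the app cannot modify it. */
int dlg_run(dialog *d) {
    if (d->state != DLG_CONFIGURATION) return -1;
    d->state = DLG_RUNNING;
    return 0;
}

/* Server side: user confirmed a name; the server applies the completion. */
int dlg_user_confirms(dialog *d, const char *typed) {
    if (d->state != DLG_RUNNING || !*typed || strchr(typed, '/')) return -1;
    int n = snprintf(d->granted, sizeof d->granted, "%s/%s%s", d->folder, typed,
                     strrchr(typed, '.') ? "" : d->ext);
    if (n < 0 || (size_t)n >= sizeof d->granted) return -1;  /* no truncated grant */
    d->state = DLG_DATA_RETRIEVAL;
    return 0;
}

/* Access check: 1 only for the exact granted path, once the dialog has closed. */
int dlg_may_open(const dialog *d, const char *path) {
    return d->state == DLG_DATA_RETRIEVAL && strcmp(d->granted, path) == 0;
}

int main(void) {
    dialog d = { .state = DLG_CONFIGURATION };
    dlg_configure(&d, "/home/user/docs", ".txt");  /* constructed sample values */
    if (dlg_run(&d) == 0 && dlg_user_confirms(&d, "notes") == 0)
        printf("granted: %s\n", d.granted);
    return 0;
}
```

The grant is the completed name (`notes.txt`), so an app that appended the extension itself after the fact would be asking for a path the user never saw.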

See our repository for code and mockups. The API is of course not stable yet.