Fix secrets.el when Emacs is a flatpak

* doc/misc/dbus.texi (Flatpak integration): New chapter. * lisp/net/secrets.el (top): Protect against wrong signals in the flatpak case. (Bug#80977)
2026-06-14 12:31:25 +00:00 · 2026-05-11 18:11:24 +02:00 · 2026-05-11 18:11:24 +02:00 · 519fd83211
commit 519fd83211
parent 9e4ea934f2
2 changed files with 41 additions and 5 deletions
--- a/doc/misc/dbus.texi
+++ b/doc/misc/dbus.texi
@ -66,6 +66,7 @@ another.  An overview of D-Bus can be found at
 * Errors and Events::           Errors and events.
 * Monitoring Messages::         Monitoring messages.
 * File Descriptors::            Handle file descriptors.
+* Flatpak integration::         Integration with flatpak
 * Index::                       Index including concepts, functions, variables.

 * GNU Free Documentation License:: The license for this documentation.
@ -2302,6 +2303,38 @@ instance have acquired a file descriptor as well.  Example:
@end defun


+@node Flatpak integration
+@chapter Integration with flatpak
+
+@c https://docs.flatpak.org/en/latest/sandbox-permissions.html
+@c TODO: This needs more input.
+
+If you run the Emacs flatpak program, there are restrictions.  By
+default, there is limited access to the session D-Bus, and no access to
+the system D-Bus.  You must enable access to services living outside the
+sandbox like
+
+@example
+# flatpak override --talk-name=org.freedesktop.secrets org.gnu.emacs
+@end example
+
+@samp{org.gnu.emacs} is the Emacs flatpak application, and
+@samp{org.freedesktop.secrets} is a service you want to talk to, for
+example.
+
+Access to the entire bus with @samp{--socket=system-bus} or
+@samp{--socket=session-bus} stops the filtering and using them is a
+security risk. So they must be avoided.
+
+@c Bug#80977.
+Service names might be mapped when arriving Emacs.  For example, you
+will see the @samp{org.freedesktop.DBus.NameOwnerChanged} signal for
+service @samp{org.freedesktop.portal.Flatpak}, even if you have
+registered the signal for another namespace.
+
+@c TODO: What about portals?
+
+
@node Index
@unnumbered Index

--- a/lisp/net/secrets.el
+++ b/lisp/net/secrets.el
@ -913,11 +913,14 @@ to their attributes."
   :session dbus-service-dbus dbus-path-dbus
   dbus-interface-dbus "NameOwnerChanged"
   (lambda (&rest args)
-     (when secrets-debug (message "Secret Service has changed: %S" args))
-     (setq secrets-session-path secrets-empty-path
-	   secrets-prompt-signal nil
-	   secrets-collection-paths nil))
-   secrets-service)
+     ;; The flatpak version of Emacs shows also signals from
+     ;; "org.freedesktop.portal.Flatpak".  (Bug#80977)
+     (when (and (stringp (car args)) (string-equal secrets-service (car args)))
+       (when secrets-debug (message "Secret Service has changed: %S" args))
+       (setq secrets-session-path secrets-empty-path
+	     secrets-prompt-signal nil
+	     secrets-collection-paths nil)))
+   :arg-namespace secrets-service)

  ;; We want to refresh our cache, when there is a change in
  ;; collections.