如何为子沙箱暴露用户选择的文件？

I’m using flatpak-spawn --sandbox as a sandbox in my project to run user-provided NWJS code. Obviously, I need to expose the user-selected directory to the sub-sandbox.

Initially, I used xdg-portal + FileChooser to request the user to select a directory, which did expose the directory to my app at /run/user/1000/doc.

Then I tried exposing files to the sub-sandbox using the --sandbox-expose-path= parameter, but that didn’t work.

[Screenshot]

The only solution I can think of is to directly request access to the user’s entire home directory in the app’s permissions using --filesystem=home. This would provide all of the user’s files to the app, including the user-selected directory in the ~ area, thus directly exposing them to the sub-sandbox.

However, directly requesting access to the user’s entire home directory isn’t a good idea either. Is there any way to solve this problem?

Google Translate