Description of problem:
In GNOME Settings -> Privacy, there are tabs "Microphone" and "Camera". In each of them, you can disable those devices and you'll see the following message:
* Microphone is turned off *
No applications can record sound.
* Camera is turned off *
No applications can capture photos or videos.
However, even if you do that, it doesn't seem to have any effect. If you run Cheese, you can capture photos and videos (including sound) from your camera just fine. Similarly, if you install gnome-sound-recorder, you can record your voice also without issues.
Those options in GNOME Settings seem misleading at best. Users might be relying on those messages to think they're safe from any snooping applications, while they are not.
Version-Release number of selected component (if applicable):
(F35 Workstation Live RC1.2)
Steps to Reproduce:
1. in gnome-control-center, go to Privacy->Sound/Camera and disable both
2. run Cheese, see that it can record video+sound
3. run gnome-sound-record, see that it can record sound
If you don't disable Camera and Microphone options, there is a box saying "No Applications Have Asked for Camera Access". That also doesn't reflect the apps accessing the devices.
I had a feeling that this might be broken for a long time, so I booted F30 Workstation Live in a VM, and I can reproduce the same issue even in F30.
Created attachment 1837958 [details]
disabled camera in Settings
Created attachment 1837959 [details]
disabled microphone in Settings
This could be possibly considered a broken basic functionality of gnome-control-center under:
"All applications that can be launched using the standard graphical mechanism after a default installation of Fedora Workstation on the x86_64 architecture must start successfully and withstand a basic functionality test. "
Proposing for a discussion.
I can confirm the issue. The gnome-settings setting has no effect whatsoever on cheese.
FWIW, I think this violates user expectations and should be fixed. Since it's apparently not a regression,
I'm not convinced it should be treated as a blocker though.
In today's Go/No-Go meeting, we agreed that this is not a blocker as it exceeds our definition of "basic functionality"
Please understand: the design of System Settings panels assumes all applications are installed as flatpaks. This might be bad design, but anything that is installed via RPM could simply ignore whatever permissions you set in System Settings, so attempting to restrict their permissions would be futile.
Michael, thanks for explanation. It's definitely bad design, and misleading, because it says "**No applications** can ...". I'll file an upstream bug.
This message is a reminder that Fedora Linux 35 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 35 on 2022-12-13.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '35'.
Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, change the 'version'
to a later Fedora Linux version.
Thank you for reporting this issue and we are sorry that we were not
able to fix it before Fedora Linux 35 is end of life. If you would still like
to see this bug fixed and are able to reproduce it against a later version
of Fedora Linux, you are encouraged to change the 'version' to a later version
prior to this bug being closed.
This should now be fixed upstream in these two MRs:
and should be part of Fedora 38 or possibly a Fedora 37 update. Let's keep this open until we can verify the fix.
This is now much better in Fedora 38. You still need to read the fine text and know what a sandboxed app is, but if you do, it's much clearer now. I'll close this.