author | Alexander Larsson <alexl@redhat.com> | 2020-08-17 16:40:53 +0200 |
---|---|---|
committer | Alexander Larsson <alexander.larsson@gmail.com> | 2020-08-20 16:44:39 +0200 |
commit | 83f11317e6a9b6aec02a5a9f2d9c1f1df7d68f1d (patch) | |
tree | 65d7adec15652db1f578bffd2f0d935846417d0f | |
parent | 8c23c90c1e8f4cc4e83a85cd00844875fdf99b6b (diff) | |
download | flatpak-83f11317e6a9b6aec02a5a9f2d9c1f1df7d68f1d.tar.gz |
Allow multiarch in the apply_extra for extra-data
Some things could need to run e.g. i386 code in apply_extra (for
example #3742). In this very limited context (almost everything is
read-only) this seems pretty secure.
We could require the app to specify a multiarch permission to allow
this, but such permissions only really make sense for an app, and
extra data is often used for other things like runtimes and
extensions, that seems a bit weird. Let's just enable it always.
-rw-r--r-- | common/flatpak-dir.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c index 089b65db..ab2d5e3d 100644 --- a/common/flatpak-dir.c +++ b/common/flatpak-dir.c @@ -7383,6 +7383,8 @@ apply_extra_data (FlatpakDir *self, NULL); if (!flatpak_run_setup_base_argv (bwrap, runtime_files, NULL, runtime_ref_parts[2], + /* Might need multiarch in apply_extra (see e.g. #3742). Should be pretty safe in this limited context */ + FLATPAK_RUN_FLAG_MULTIARCH | FLATPAK_RUN_FLAG_NO_SESSION_HELPER | FLATPAK_RUN_FLAG_NO_PROC, error)) return FALSE; |
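Review bot: The new comment above FLATPAK_RUN_FLAG_MULTIARCH in the flatpak_run_setup_base_argv call in apply_extra_data says "Should be pretty safe in this limited context" but does not say what makes the context limited, so the safety argument is not checkable from the code. The commit message gives the reason (almost everything is read-only) and the neighbouring flags FLATPAK_RUN_FLAG_NO_SESSION_HELPER and FLATPAK_RUN_FLAG_NO_PROC are part of it; please state those assumptions in the comment, so that anyone who later loosens the apply_extra sandbox knows to revisit the multiarch flag. The comment should also record that the flag is deliberately unconditional, since the commit message says a per-app multiarch permission was considered and rejected because extra data is also used by runtimes and extensions. As a style point, the comment line is very long and could be wrapped across two lines.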