author | Matthias Clasen <mclasen@redhat.com> | 2019-01-20 12:27:23 -0500 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2019-01-21 09:17:29 +0000 |
commit | 39152a6d4095af8ba3e075e1b464633b04f909c8 (patch) | |
tree | e0de6c0f7f2087e0779c33d1dcae269dbb7b4a61 /icon-validator | |
parent | 8f4d929e4564ea333edc6c2d57263404a487d254 (diff) | |
download | flatpak-39152a6d4095af8ba3e075e1b464633b04f909c8.tar.gz |
Copy sandbox setup from libgnome-desktop
We need to handle source directories not existing, for example /lib64
on a pure 32-bit system.
Because relative symlinks in a directory that is itself a symlink do
not have the same meaning as the same relative symlink in a bind-mount
of that directory, ideally we want to use --symlink for /lib and /lib64
on merged-/usr systems, but --ro-bind on non-merged-/usr systems.
Also bind /etc/ld.so.cache into the sandbox.
This is especially important for libstdc++ on distributions that
don't have it directly in a libdir and the runtime linker doesn't
look where needed without /etc/ld.so.cache (e.g. if libstdc++ is
in a GCC per-version subdirectory handled via /etc/ld.so.conf.d/).
Changes originally made in libgnome-desktop by Iain Lane (see
<https://bugzilla.gnome.org/show_bug.cgi?id=787072>).
Adapted from https://github.com/flatpak/xdg-desktop-portal/pull/289
by Simon McVittie.
Closes: #2618
Approved by: alexlarsson
Diffstat (limited to 'icon-validator')
-rw-r--r-- | icon-validator/validate-icon.c | 54 |
1 files changed, 53 insertions, 1 deletions
diff --git a/icon-validator/validate-icon.c b/icon-validator/validate-icon.c index 36bd7416..4902b56b 100644 --- a/icon-validator/validate-icon.c +++ b/icon-validator/validate-icon.c @@ -19,6 +19,7 @@ */ #include <gdk-pixbuf/gdk-pixbuf.h> +#include <glib/gstdio.h> static int validate_icon (const char *arg_width, @@ -99,11 +100,33 @@ flatpak_get_bwrap (void) return HELPER; } + +static gboolean +path_is_usrmerged (const char *dir) +{ + /* does /dir point to /usr/dir? */ + g_autofree char *target = NULL; + GStatBuf stat_buf_src, stat_buf_target; + + if (g_stat (dir, &stat_buf_src) < 0) + return FALSE; + + target = g_strdup_printf ("/usr/%s", dir); + + if (g_stat (target, &stat_buf_target) < 0) + return FALSE; + + return (stat_buf_src.st_dev == stat_buf_target.st_dev) && + (stat_buf_src.st_ino == stat_buf_target.st_ino); +} + static int rerun_in_sandbox (const char *arg_width, const char *arg_height, const char *filename) { + const char * const usrmerged_dirs[] = { "bin", "lib64", "lib", "sbin" }; + int i; g_autoptr(GPtrArray) args = g_ptr_array_new_with_free_func (g_free); g_autofree char *err = NULL; int status; @@ -120,7 +143,35 @@ rerun_in_sandbox (const char *arg_width, "--unshare-ipc", "--unshare-net", "--unshare-pid", - "--ro-bind", "/", "/", + "--ro-bind", "/usr", "/usr", + "--ro-bind", "/etc/ld.so.cache", "/etc/ld.so.cache", + NULL); + + /* These directories might be symlinks into /usr/... */ + for (i = 0; i < G_N_ELEMENTS (usrmerged_dirs); i++) + { + g_autofree char *absolute_dir = g_strdup_printf ("/%s", usrmerged_dirs[i]); + + if (!g_file_test (absolute_dir, G_FILE_TEST_EXISTS)) + continue; + + if (path_is_usrmerged (absolute_dir)) + { + g_autofree char *symlink_target = g_strdup_printf ("/usr/%s", absolute_dir); + + add_args (args, + "--symlink", symlink_target, absolute_dir, + NULL); + } + else + { + add_args (args, + "--ro-bind", absolute_dir, absolute_dir, + NULL); + } + } + + add_args (args, "--tmpfs", "/tmp", "--proc", "/proc", "--dev", "/dev", 
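Review bot: `path_is_usrmerged` (hunk `@@ -99,11 +100,33 @@`) formats `"/usr/%s"` with a `dir` that its only visible caller passes as an absolute path, so the stat target comes out as `/usr//lib` rather than `/usr/lib`; the same pattern in the `@@ -120,7 +143,35 @@` hunk puts a double-slash target into the `--symlink` argument. Both forms resolve to the same place, but `target = g_build_filename ("/usr", dir, NULL);` (and likewise for `symlink_target`) gives the canonical path. The function also lacks a contract comment; I would add `/* dir must be an absolute path; returns TRUE when dir and /usr/dir are the same device and inode */`. The index `i` declared in this hunk is compared against `G_N_ELEMENTS`, which is unsigned, so `gsize i;` avoids a sign-compare warning.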
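Review bot: The `--ro-bind` of `/etc/ld.so.cache` in the `@@ -120,7 +143,35 @@` hunk is unconditional, while the loop directly below it skips directories that do not exist. On a system without that file, bwrap would likely refuse to start and every icon would fail validation. That fails closed, so it is an availability problem rather than a sandbox weakness, but it contradicts the commit's stated goal of tolerating missing sources. Guard it the same way as the directories, `if (g_file_test ("/etc/ld.so.cache", G_FILE_TEST_EXISTS)) add_args (args, "--ro-bind", "/etc/ld.so.cache", "/etc/ld.so.cache", NULL);`, or use bwrap's `--ro-bind-try` if the minimum supported bwrap provides it. `rerun_in_sandbox` starts and ends outside this hunk.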
@@ -130,6 +181,7 @@ rerun_in_sandbox (const char *arg_width, "--die-with-parent", "--ro-bind", filename, filename, NULL); + if (g_getenv ("G_MESSAGES_DEBUG")) add_args (args, "--setenv", "G_MESSAGES_DEBUG", g_getenv ("G_MESSAGES_DEBUG"), NULL); if (g_getenv ("G_MESSAGES_PREFIXED")) |