flatpak-metadata: Note host-root symlink pitfalls

Following symlinks from /run/host/root naively (for example, with
realpath()) is wrong.

This commit warns about this problem, and provides examples of how to
avoid it when using the host-root permission, either by using
https://man7.org/linux/man-pages/man2/openat2.2.html for modern kernels,
or 65adfdd5fc/steam-runtime-tools/resolve-in-sysroot.c
for older kernels.

Signed-off-by: Ryan Brue <ryanbrue.dev@gmail.com>
Ryan Brue
2025-09-08 12:13:09 -05:00
committed by Sebastian Wick
parent 0493219ca5
commit 02587b5676


@@ -360,6 +360,25 @@
permissions for applications that need the
entire root filesystem of the host.
</para>
<para>
Please note that following symlinks under
<filename>/run/host/root</filename> naively
will result in a wrong path. For example,
using <literal>realpath()</literal> is wrong.
Instead, applications will have to implement
some way of following symlinks in a way that
behaves as if it were chroot'd into
<filename>/run/host/root</filename>.
</para>
<para>
There are a few ways to do this. Modern
kernels support the <ulink url="https://man7.org/linux/man-pages/man2/openat2.2.html">openat2()</ulink>
call with <literal>RESOLVE_IN_ROOT</literal>.
For a more portable solution with support for
older kernels, see the implementation from
the <ulink url="https://gitlab.steamos.cloud/steamrt/steam-runtime-tools/-/blob/65adfdd5fc812aeb5f33986755f6ff72c9612afa/steam-runtime-tools/resolve-in-sysroot.c">steam-runtime-tools</ulink>
as an example.
</para>
<para>
Available since 1.17.
</para></listitem></varlistentry>