From 32c571ae79daabd1831458165801fb89d4e60fd7 Mon Sep 17 00:00:00 2001
From: Alexander Larsson
Date: Wed, 7 Sep 2016 11:46:37 +0200
Subject: [PATCH] Move $XDG_RUNTIME_DIR/flatpak-info to /.flatpak-info and make it read-only

The old location keeps working because we create a symlink. The interesting part of this is that the sandbox now can't modify, remove or replace the file, and it is in a fixed position. This means that given a sandboxed pid, we can find this file as "/proc/$pid/root/.flatpak-info". This is very nice for two reasons:

* We can use this instead of the cgroup to find out if a pid is sandboxed or not. This means we can drop the dependency on systemd --user for this.
* We can get more information about the peer process that the app id. For instance, we can see what permissions the sandboxed app has.
---
 common/flatpak-run.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index 8e63a62a..c80007e0 100644
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -2559,7 +2559,7 @@ flatpak_run_add_app_info_args (GPtrArray *argv_array,
   g_autoptr(GFile) files = NULL;
   g_autofree char *files_path = NULL;
   g_autofree char *fd_str = NULL;
-  g_autofree char *dest = g_strdup_printf ("/run/user/%d/flatpak-info", getuid ());
+  g_autofree char *old_dest = g_strdup_printf ("/run/user/%d/flatpak-info", getuid ());
   close (fd);
@@ -2589,7 +2589,10 @@ flatpak_run_add_app_info_args (GPtrArray *argv_array,
   if (fd_array)
     g_array_append_val (fd_array, fd);
-  add_args (argv_array, "--file", fd_str, dest, NULL);
+  add_args (argv_array,
+            "--ro-bind-data", fd_str, "/.flatpak-info",
+            "--symlink", "../../../.flatpak-info", old_dest,
+            NULL);
 }
 return TRUE;
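Review bot: The read-only guarantee in the second hunk covers only /.flatpak-info; the compatibility symlink that `--symlink` places at old_dest lives under /run/user/UID, a separate location that the sandbox may still be able to write to, so any consumer that keeps resolving $XDG_RUNTIME_DIR/flatpak-info from inside the sandbox gets none of the new protection. That asymmetry deserves a comment above the add_args call, e.g. `/* /.flatpak-info is the authoritative, read-only copy; the symlink at old_dest only keeps the legacy path resolvable and is not protected. */`, and callers that check sandbox identity should be moved to the fixed path. The relative target `../../../.flatpak-info` is right only because old_dest is exactly three directories deep, so a short note such as `/* relative to /run/user/UID/, three levels up is / */` would tie the two literals together for the next person who changes either. flatpak_run_add_app_info_args starts before the first hunk and its closing brace lies outside the second.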