portal: Add supports flag and set a bit if EXPOSE_PIDS is supported

We can only support this if the host bwrap is not setuid (at least for now). This allows callers to detect this case ahead of time. We also detect this case when called and return a better error code that can be detected.
2026-05-24 16:57:42 -04:00 · 2019-11-27 11:06:45 +01:00
parent ae50843851
commit 38fecb08d3
3 changed files with 63 additions and 4 deletions
--- a/data/org.freedesktop.portal.Flatpak.xml
+++ b/data/org.freedesktop.portal.Flatpak.xml
@@ -36,10 +36,27 @@
      bus name org.freedesktop.portal.Flatpak and the object path
      /org/freedesktop/portal/Flatpak.

-      This documentation describes version 2 of this interface.
+      This documentation describes version 3 of this interface.
  -->
  <interface name='org.freedesktop.portal.Flatpak'>
    <property name="version" type="u" access="read"/>
+    <!--
+        supports:
+
+        Flags marking what optional features are available.
+         The following flags values are supported:
+         <variablelist>
+           <varlistentry>
+             <term>1</term>
+             <listitem><para>
+               Supports the expose sandbox pids flag of Spawn.
+             </para></listitem>
+           </varlistentry>
+         </variablelist>
+
+         This was added in version 3 of this interface (available from flatpak 1.6.0 and later).
+        -->
+    <property name="supports" type="u" access="read"/>

    <!--
         Spawn:
@@ -86,6 +103,14 @@
               Kill the sandbox when the caller disappears from the session bus.
             </para></listitem>
           </varlistentry>
+           <varlistentry>
+             <term>32</term>
+             <listitem><para>
+               Expose the sandbox pids in the callers sandbox, only supported if using user namespaces for containers (not setuid), see the support property.
+               </para><para>
+               This was added in version 3 of this interface (available from flatpak 1.6.0 and later).
+             </para></listitem>
+           </varlistentry>
         </variablelist>

         The following options are supported:
--- a/portal/flatpak-portal.c
+++ b/portal/flatpak-portal.c
@@ -60,6 +60,7 @@ static GMainLoop *main_loop;
 static PortalFlatpak *portal;
 static gboolean opt_verbose;
 static int opt_poll_timeout;
+static FlatpakSpawnSupportFlags supports = 0;

 G_LOCK_DEFINE (update_monitors); /* This protects the three variables below */
 static GHashTable *update_monitors;
@@ -789,10 +790,20 @@ handle_spawn (PortalFlatpak         *object,
  expose_pids = (arg_flags & FLATPAK_SPAWN_FLAGS_EXPOSE_PIDS) != 0;
  if (expose_pids)
    {
+      g_autofree char *instance_id = NULL;
      int sender_pid1 = 0;
-      g_autofree char *instance_id = g_key_file_get_string (app_info,
-                                                            FLATPAK_METADATA_GROUP_INSTANCE,
-                                                            FLATPAK_METADATA_KEY_INSTANCE_ID, NULL);
+
+      if (!(supports & FLATPAK_SPAWN_SUPPORT_FLAGS_EXPOSE_PIDS))
+        {
+          g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+                                                 G_DBUS_ERROR_NOT_SUPPORTED,
+                                                 "Expose pids not supported");
+          return TRUE;
+        }
+
+      instance_id = g_key_file_get_string (app_info,
+                                           FLATPAK_METADATA_GROUP_INSTANCE,
+                                           FLATPAK_METADATA_KEY_INSTANCE_ID, NULL);

      if (instance_id)
        {
@@ -2288,6 +2299,19 @@ name_owner_changed (GDBusConnection *connection,
 #define DBUS_INTERFACE_DBUS DBUS_NAME_DBUS
 #define DBUS_PATH_DBUS "/org/freedesktop/DBus"

+static gboolean
+supports_expose_pids (void)
+{
+  const char *path = g_find_program_in_path (flatpak_get_bwrap ());
+  struct stat st;
+
+  /* This is supported only if bwrap exists and is not setuid */
+  return
+    path != NULL &&
+    stat (path, &st) == 0 &&
+    (st.st_mode & S_ISUID) == 0;
+}
+
 static void
 on_bus_acquired (GDBusConnection *connection,
                 const gchar     *name,
@@ -2325,6 +2349,8 @@ on_bus_acquired (GDBusConnection *connection,
                                       G_DBUS_INTERFACE_SKELETON_FLAGS_HANDLE_METHOD_INVOCATIONS_IN_THREAD);

  portal_flatpak_set_version (PORTAL_FLATPAK (portal), 3);
+  portal_flatpak_set_supports (PORTAL_FLATPAK (portal), supports);
+
  g_signal_connect (portal, "handle-spawn", G_CALLBACK (handle_spawn), NULL);
  g_signal_connect (portal, "handle-spawn-signal", G_CALLBACK (handle_spawn_signal), NULL);
  g_signal_connect (portal, "handle-create-update-monitor", G_CALLBACK (handle_create_update_monitor), NULL);
@@ -2486,6 +2512,9 @@ main (int    argc,

  flatpak_connection_track_name_owners (session_bus);

+  if (supports_expose_pids ())
+    supports |= FLATPAK_SPAWN_SUPPORT_FLAGS_EXPOSE_PIDS;
+
  flags = G_BUS_NAME_OWNER_FLAGS_ALLOW_REPLACEMENT;
  if (replace)
    flags |= G_BUS_NAME_OWNER_FLAGS_REPLACE;
--- a/portal/flatpak-portal.h
+++ b/portal/flatpak-portal.h
@@ -38,6 +38,11 @@ typedef enum {
  FLATPAK_SPAWN_SANDBOX_FLAGS_ALLOW_A11Y = 1 << 4,
 } FlatpakSpawnSandboxFlags;

+
+typedef enum {
+  FLATPAK_SPAWN_SUPPORT_FLAGS_EXPOSE_PIDS = 1 << 0,
+} FlatpakSpawnSupportFlags;
+
 #define FLATPAK_SPAWN_FLAGS_ALL (FLATPAK_SPAWN_FLAGS_CLEAR_ENV | \
                                 FLATPAK_SPAWN_FLAGS_LATEST_VERSION | \
                                 FLATPAK_SPAWN_FLAGS_SANDBOX | \