From 6540f85511739028c0f8eb496ae64dcc73d40a28 Mon Sep 17 00:00:00 2001
From: Patrick Griffis
Date: Mon, 1 Aug 2022 13:45:59 -0500
Subject: [PATCH] Allow sub-sandboxes to own MPRIS names
We already allow normal apps to own MPRIS names but subsandboxes could not. This allows them with the same dbus restrictions that they must be prefixed by $app_id.Sandboxed. This will be used by WebKitGTK.
---
 common/flatpak-context.c | 5 ++++-
 doc/flatpak-run.xml | 4 ++--
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/common/flatpak-context.c b/common/flatpak-context.c
index a994c047..17f4d6c5 100644
--- a/common/flatpak-context.c
+++ b/common/flatpak-context.c
@@ -2361,7 +2361,10 @@ flatpak_context_add_bus_filters (FlatpakContext *context,
 flatpak_bwrap_add_arg_printf (bwrap, "--own=org.mpris.MediaPlayer2.%s.*", app_id);
 }
 else
- flatpak_bwrap_add_arg_printf (bwrap, "--own=%s.Sandboxed.*", app_id);
+ {
+ flatpak_bwrap_add_arg_printf (bwrap, "--own=%s.Sandboxed.*", app_id);
+ flatpak_bwrap_add_arg_printf (bwrap, "--own=org.mpris.MediaPlayer2.%s.Sandboxed.*", app_id);
+ }
 }
 if (session_bus)
diff --git a/doc/flatpak-run.xml b/doc/flatpak-run.xml
index f8d9e5ee..d5360371 100644
--- a/doc/flatpak-run.xml
+++ b/doc/flatpak-run.xml
@@ -574,9 +574,9 @@ key=v1;v2;
 Allow filtered access to the session dbus connection. This is the default, except when run with --sandbox.
- Isandbox mode, even if you allow access to the session bus the sandbox cannot talk to or own
+ In sandbox mode, even if you allow access to the session bus the sandbox cannot talk to or own
 the application ids (org.the.App.*) on the bus (unless explicitly added), only names in the
- .Sandbox subset (org.the.App.Sandbox.*).
+ .Sandboxed subset (org.the.App.Sandboxed.* and org.mpris.MediaPlayer2.org.the.App.Sandboxed.*).
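Review bot: The new `--own=org.mpris.MediaPlayer2.%s.Sandboxed.*` grant in the `else` block has no comment stating the invariant it relies on: a sub-sandbox may own only names below the `.Sandboxed` component, so it cannot claim the `org.mpris.MediaPlayer2.<app_id>` name that the branch above grants to the app itself. I would add above the two calls `/* Sub-sandboxes are presumably less trusted than the app: keep every owned name under <app_id>.Sandboxed, including the MPRIS one. */` so a later edit does not widen the pattern by accident. As far as the hunk shows, the grant applies to every sub-sandbox that reaches this branch rather than only to those that request it. Since an owned MPRIS name is visible to desktop media controllers, it is worth confirming that this default is intended. The condition selecting this branch and the rest of `flatpak_context_add_bus_filters` lie outside the hunk.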