portal: Inherit flatpak-run environment from parent when spawning

Instead of inheriting the portal's environment when spawning a subsandbox using flatpak-run, inherit the environment in which flatpak-run was originally executed for the parent instance. This means that environment variables that affect the sandbox setup of the parent instance now also propagate to the setup of subsandboxes, including "FLATPAK_GL_DRIVERS". Closes: https://github.com/flatpak/flatpak/issues/5278
2026-05-14 03:24:50 -04:00 · 2023-06-07 02:09:40 +03:00
parent df4e98fc15
commit 7e91d344b6
1 changed files with 58 additions and 14 deletions
--- a/portal/flatpak-portal.c
+++ b/portal/flatpak-portal.c
@@ -773,6 +773,7 @@ handle_spawn (PortalFlatpak         *object,
  g_auto(GStrv) runtime_parts = NULL;
  g_autofree char *runtime_commit = NULL;
  g_autofree char *instance_path = NULL;
+  g_autofree char *instance_id = NULL;
  g_auto(GStrv) extra_args = NULL;
  g_auto(GStrv) shares = NULL;
  g_auto(GStrv) sockets = NULL;
@@ -780,6 +781,7 @@ handle_spawn (PortalFlatpak         *object,
  g_auto(GStrv) unset_env = NULL;
  g_auto(GStrv) sandbox_expose = NULL;
  g_auto(GStrv) sandbox_expose_ro = NULL;
+  g_autoptr(FlatpakInstance) instance = NULL;
  g_autoptr(GVariant) sandbox_expose_fd = NULL;
  g_autoptr(GVariant) sandbox_expose_fd_ro = NULL;
  g_autoptr(GVariant) app_fd = NULL;
@@ -988,8 +990,36 @@ handle_spawn (PortalFlatpak         *object,
      max_fd = MAX (max_fd, fd_map_entry.from);
    }

-  /* TODO: Ideally we should let `flatpak run` inherit the portal's
-   * environment, in case e.g. a LD_LIBRARY_PATH is needed to be able
+  if (testing)
+    {
+      instance_id = g_strdup ("11223344");
+    }
+  else
+    {
+      instance_id = g_key_file_get_string (app_info,
+                                           FLATPAK_METADATA_GROUP_INSTANCE,
+                                           FLATPAK_METADATA_KEY_INSTANCE_ID, NULL);
+    }
+
+  if (!instance_id)
+    {
+      g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+                                             G_DBUS_ERROR_INVALID_ARGS,
+                                             "Caller has no instance id");
+      return G_DBUS_METHOD_INVOCATION_HANDLED;
+    }
+
+  instance = flatpak_instance_new_for_id (instance_id);
+  if (!instance)
+    {
+      g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+                                             G_DBUS_ERROR_FAILED,
+                                             "Could not access caller instance");
+      return G_DBUS_METHOD_INVOCATION_HANDLED;
+    }
+
+  /* TODO: Ideally we should let `flatpak run` inherit the run environment
+   * of the instance, in case e.g. a LD_LIBRARY_PATH is needed to be able
   * to run `flatpak run`, but tell it to start from a blank environment
   * when running the Flatpak app; but this isn't currently possible, so
   * for now we preserve existing behaviour. */
@@ -999,7 +1029,31 @@ handle_spawn (PortalFlatpak         *object,
      env = g_strdupv (empty);
    }
  else
-    env = g_get_environ ();
+    {
+      static const char * const mock_run_environ[] = { "FOO=bar", NULL };
+
+      if (testing)
+        env = g_strdupv ((GStrv) mock_run_environ);
+      else
+        env = flatpak_instance_get_run_environ (instance, &error);
+
+      if (env == NULL)
+        {
+          if (g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_NOENT))
+            {
+              g_warning ("Environment for \"flatpak run\" was not found, falling back to current environment");
+              env = g_get_environ ();
+            }
+          else
+            {
+              g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,
+                                                     G_DBUS_ERROR_INVALID_ARGS,
+                                                     "Could not load environment for \"flatpak run\": %s",
+                                                     error->message);
+              return G_DBUS_METHOD_INVOCATION_HANDLED;
+            }
+        }
+    }

  if ((flatpak = g_getenv ("FLATPAK_PORTAL_MOCK_FLATPAK")) != NULL)
    g_ptr_array_add (flatpak_argv, g_strdup (flatpak));
@@ -1167,7 +1221,6 @@ handle_spawn (PortalFlatpak         *object,

  if (expose_pids || share_pids)
    {
-      g_autofree char *instance_id = NULL;
      int sender_pid1 = 0;

      if (!(supports & FLATPAK_SPAWN_SUPPORT_FLAGS_EXPOSE_PIDS))
@@ -1178,16 +1231,7 @@ handle_spawn (PortalFlatpak         *object,
          return G_DBUS_METHOD_INVOCATION_HANDLED;
        }

-      instance_id = g_key_file_get_string (app_info,
-                                           FLATPAK_METADATA_GROUP_INSTANCE,
-                                           FLATPAK_METADATA_KEY_INSTANCE_ID, NULL);
-
-      if (instance_id)
-        {
-          g_autoptr(FlatpakInstance) instance = flatpak_instance_new_for_id (instance_id);
-          sender_pid1 = flatpak_instance_get_child_pid (instance);
-        }
-
+      sender_pid1 = flatpak_instance_get_child_pid (instance);
      if (sender_pid1 == 0)
        {
          g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR,