From a71f6ef13b95404d29a76ca1e4d3f4c40ec4e39b Mon Sep 17 00:00:00 2001
From: Alexander Larsson
Date: Mon, 12 Nov 2018 11:30:53 +0100
Subject: [PATCH] Make per-app generated files read-only

We generate various configuration files for each sandbox instance, and expose them to the sandbox using flatpak_bwrap_add_args_data, which in the end passed --bind-data to bwrap. These files are not sensitive or shared, but it still doesn't really make sense for the sandbox to allow them to be modified, so lets switch them to --ro-bind-data.

This affects these files in the sandbox:
$HOME/.var/app/$APPID/config/user-dirs.dirs
/etc/group
/etc/ld.so.conf
/etc/passwd
/etc/pkcs11/modules/p11-kit-trust.module
/etc/pkcs11/pkcs11.conf
/etc/timezone
/run/flatpak/ld.so.conf.d/*.conf
/run/user/$UID/pulse/config
/run/user/$UID/Xauthority
---
 common/flatpak-bwrap.c | 2 +-
 common/flatpak-run.c   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/common/flatpak-bwrap.c b/common/flatpak-bwrap.c
index fb912515..826fd621 100644
--- a/common/flatpak-bwrap.c
+++ b/common/flatpak-bwrap.c
@@ -245,7 +245,7 @@ flatpak_bwrap_add_args_data (FlatpakBwrap *bwrap,
   if (!flatpak_buffer_to_sealed_memfd_or_tmpfile (&args_tmpf, name, content, content_size, error))
     return FALSE;
 
-  flatpak_bwrap_add_args_data_fd (bwrap, "--bind-data", glnx_steal_fd (&args_tmpf.fd), path);
+  flatpak_bwrap_add_args_data_fd (bwrap, "--ro-bind-data", glnx_steal_fd (&args_tmpf.fd), path);
   return TRUE;
 }
diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index 573ff9c8..51011efa 100644
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -207,7 +207,7 @@ flatpak_run_add_x11_args (FlatpakBwrap *bwrap,
   g_autofree char *dest = g_strdup_printf ("/run/user/%d/Xauthority", getuid ());
 
   write_xauth (d, output);
-  flatpak_bwrap_add_args_data_fd (bwrap, "--bind-data", tmp_fd, dest);
+  flatpak_bwrap_add_args_data_fd (bwrap, "--ro-bind-data", tmp_fd, dest);
 
   flatpak_bwrap_set_env (bwrap, "XAUTHORITY", dest, TRUE);
 }
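Review bot: The read-only mount is now part of flatpak_bwrap_add_args_data's contract, but nothing in the hunk records it, and every caller of this shared helper changes behaviour through this single line; the function's doc comment, which sits above the hunk, should state that the content is exposed read-only and that callers needing a writable file must use flatpak_bwrap_add_args_data_fd with "--bind-data" themselves. A one-line comment at the call site would also explain why the weaker option is deliberately not used, e.g. `/* Per-instance generated data: expose read-only so the app cannot rewrite it */`. Note that the helper's name, flatpak_buffer_to_sealed_memfd_or_tmpfile, suggests a tmpfile fallback when memfd sealing is unavailable; if so, that fallback file is presumably not sealed, and the ro-bind is then the only thing preventing in-sandbox modification, which is worth saying in the comment. The enclosing function starts above the hunk.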
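Review bot: The "--ro-bind-data" literal is now spelled out both here and inside flatpak_bwrap_add_args_data in common/flatpak-bwrap.c, so the two call paths can drift apart silently; a shared named constant (or routing this call through the helper, if tmp_fd can be handed over the same way) would keep them in step. The surrounding code gives no hint why the X cookie file is handled separately from the other generated files, so a short comment above the call would help, e.g. `/* Per-instance X cookie written by write_xauth above; mount read-only so the app cannot alter the credential it was given */`. Whether `output` wraps `tmp_fd` is not visible in the hunk, so the relationship between the write_xauth call and the fd passed on the next line is inferred; flatpak_run_add_x11_args starts and ends outside the hunk.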