diff --git a/app/flatpak-builtins-run.c b/app/flatpak-builtins-run.c
index eb5c1497..0440b9a1 100644
--- a/app/flatpak-builtins-run.c
+++ b/app/flatpak-builtins-run.c
@@ -57,6 +57,7 @@ static char *opt_commit;
 static char *opt_runtime_commit;
 static int opt_parent_pid;
 static gboolean opt_parent_expose_pids;
+static gboolean opt_parent_share_pids;
 static int opt_instance_id_fd = -1;
 static GOptionEntry options[] = {
@@ -82,6 +83,7 @@ static GOptionEntry options[] = {
 { "die-with-parent", 'p', 0, G_OPTION_ARG_NONE, &opt_die_with_parent, N_("Kill processes when the parent process dies"), NULL },
 { "parent-pid", 0, 0, G_OPTION_ARG_INT, &opt_parent_pid, N_("Use PID as parent pid for sharing namespaces"), N_("PID") },
 { "parent-expose-pids", 0, 0, G_OPTION_ARG_NONE, &opt_parent_expose_pids, N_("Make processes visible in parent namespace"), NULL },
+ { "parent-share-pids", 0, 0, G_OPTION_ARG_NONE, &opt_parent_share_pids, N_("Share process ID namespace with parent"), NULL },
 { "instance-id-fd", 0, 0, G_OPTION_ARG_INT, &opt_instance_id_fd, N_("Write the instance ID to the given file descriptor"), NULL },
 { NULL }
 };
@@ -286,6 +288,8 @@ flatpak_builtin_run (int argc, char **argv, GCancellable *cancellable, GError **
 flags |= FLATPAK_RUN_FLAG_NO_DOCUMENTS_PORTAL;
 if (opt_parent_expose_pids)
 flags |= FLATPAK_RUN_FLAG_PARENT_EXPOSE_PIDS;
+ if (opt_parent_share_pids)
+ flags |= FLATPAK_RUN_FLAG_PARENT_SHARE_PIDS;
 if (!opt_a11y_bus)
 flags |= FLATPAK_RUN_FLAG_NO_A11Y_BUS_PROXY;
 if (!opt_session_bus)
diff --git a/common/flatpak-common-types-private.h b/common/flatpak-common-types-private.h
index 53dfac37..05130144 100644
--- a/common/flatpak-common-types-private.h
+++ b/common/flatpak-common-types-private.h
@@ -48,6 +48,7 @@ typedef enum {
 FLATPAK_RUN_FLAG_DO_NOT_REAP = (1 << 18),
 FLATPAK_RUN_FLAG_NO_PROC = (1 << 19),
 FLATPAK_RUN_FLAG_PARENT_EXPOSE_PIDS = (1 << 20),
+ FLATPAK_RUN_FLAG_PARENT_SHARE_PIDS = (1 << 21),
 } FlatpakRunFlags;
 typedef struct FlatpakDir FlatpakDir;
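Review bot: `--parent-share-pids` is accepted in flatpak_builtin_run without checking that `--parent-pid` was also given; the third hunk only ORs FLATPAK_RUN_FLAG_PARENT_SHARE_PIDS into `flags`. Because the same flag makes flatpak_run_setup_base_argv drop `--unshare-pid` (common/flatpak-run.c hunk of this commit), a missing parent PID is better rejected here, before any bwrap arguments are built, for example `if (opt_parent_share_pids && opt_parent_pid == 0) return usage_error (context, _("--parent-share-pids requires --parent-pid"), error);`. flatpak_run_app may already refuse a zero parent PID, but that code is not in the visible hunks. The body of flatpak_builtin_run starts and ends outside the hunk.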
diff --git a/common/flatpak-run.c b/common/flatpak-run.c index eefd44be..2d2fe10f 100644 --- a/common/flatpak-run.c +++ b/common/flatpak-run.c @@ -2940,8 +2940,10 @@ flatpak_run_setup_base_argv (FlatpakBwrap *bwrap, "--proc", "/proc", NULL); + if (!(flags & FLATPAK_RUN_FLAG_PARENT_SHARE_PIDS)) + flatpak_bwrap_add_arg (bwrap, "--unshare-pid"); + flatpak_bwrap_add_args (bwrap, - "--unshare-pid", "--dir", "/tmp", "--dir", "/var/tmp", "--dir", "/run/host", @@ -3596,7 +3598,7 @@ flatpak_run_app (FlatpakDecomposed *app_ref, gboolean use_ld_so_cache = TRUE; gboolean sandboxed = (flags & FLATPAK_RUN_FLAG_SANDBOX) != 0; gboolean parent_expose_pids = (flags & FLATPAK_RUN_FLAG_PARENT_EXPOSE_PIDS) != 0; - + gboolean parent_share_pids = (flags & FLATPAK_RUN_FLAG_PARENT_SHARE_PIDS) != 0; struct stat s; if (!check_sudo (error)) @@ -3911,7 +3913,7 @@ flatpak_run_app (FlatpakDecomposed *app_ref, if (cwd) flatpak_bwrap_add_args (bwrap, "--chdir", cwd, NULL); - if (parent_expose_pids) + if (parent_expose_pids || parent_share_pids) { g_autofree char *userns_path = NULL; g_autofree char *pidns_path = NULL; diff --git a/data/org.freedesktop.portal.Flatpak.xml b/data/org.freedesktop.portal.Flatpak.xml index 223fa25a..f6617957 100644 --- a/data/org.freedesktop.portal.Flatpak.xml +++ b/data/org.freedesktop.portal.Flatpak.xml @@ -36,7 +36,7 @@ bus name org.freedesktop.portal.Flatpak and the object path /org/freedesktop/portal/Flatpak. - This documentation describes version 4 of this interface. + This documentation describes version 5 of this interface. --> @@ -49,7 +49,9 @@ 1 (FLATPAK_SPAWN_SUPPORT_FLAGS_EXPOSE_PIDS) - Supports the expose sandbox pids flag of Spawn. + Supports the expose sandbox pids flag of Spawn. + If the version of this interface is 5 or later, this also + indicates that the share sandbox pids flag is available. 
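Review bot: The new `if (!(flags & FLATPAK_RUN_FLAG_PARENT_SHARE_PIDS))` in flatpak_run_setup_base_argv drops `--unshare-pid` with no comment on what then keeps the sandbox out of the PID namespace of the process that launches bwrap. From the visible lines the only replacement is the `parent_expose_pids || parent_share_pids` block in flatpak_run_app, whose body lies outside the hunk, so every early exit in that block has to be an error and never a fall-through to bwrap. I would record that dependency at the check, e.g. `/* PID namespace is joined from --parent-pid in flatpak_run_app(); never reach bwrap with neither --unshare-pid nor the parent's namespace */`. Note that `"--proc", "/proc"` is still added just above, so in the shared case the new sandbox's /proc lists the parent sandbox's processes; that is worth stating in the same comment.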
@@ -120,6 +122,17 @@ This was added in version 4 of this interface (available from flatpak 1.8.0 and later). + + 128 (FLATPAK_SPAWN_FLAGS_SHARE_PIDS) + + Expose the sandbox process IDs in the caller's sandbox and + the caller's process IDs in the new sandbox. Only supported + if using user namespaces for containers (not setuid), see the + support property. + + This was added in version 5 of this interface (available from flatpak 1.10.0 and later). + + Unknown (unsupported) flags are an error and will cause Spawn() @@ -246,7 +259,8 @@ SpawnStarted: @pid: the PID of the process that has been started @relpid: the PID of the process relative to the current namespace. - This is only non-zero if the expose PIDs flag (32) was passed to + This is only non-zero if the expose PIDs flag (32) or the share + PIDs flag (128) was passed to org.freedesktop.portal.Flatpak.Spawn(), and it may still be zero if the process exits before its relative PID could be read. diff --git a/doc/flatpak-run.xml b/doc/flatpak-run.xml index fd6947ae..d7e6b5bc 100644 --- a/doc/flatpak-run.xml +++ b/doc/flatpak-run.xml @@ -563,7 +563,8 @@ key=v1;v2; - Specifies the pid of the "parent" flatpak, used by --parent-expose-pids. + Specifies the pid of the "parent" flatpak, used by + --parent-expose-pids and --parent-share-pids. @@ -576,6 +577,16 @@ key=v1;v2; + + + + + Use the same process ID namespace for the processes of + the new sandbox and the sandbox of the parent flatpak, as + defined by --parent-pid. Implies --parent-expose-pids. + + + diff --git a/portal/flatpak-portal.c b/portal/flatpak-portal.c index 050b30ca..7ae581ec 100644 --- a/portal/flatpak-portal.c +++ b/portal/flatpak-portal.c @@ -207,7 +207,7 @@ typedef struct char *client; guint child_watch; gboolean watch_bus; - gboolean expose_pids; + gboolean expose_or_share_pids; } PidData; static void 
@@ -408,7 +408,7 @@ check_child_pid_status (void *user_data) } /* Only send the child PID if it's exposed */ - if (pid_data->expose_pids) + if (pid_data->expose_or_share_pids) { g_autoptr(GError) error = NULL; relative_child_pid = get_child_pid_relative_to_parent_sandbox (child_pid, &error); @@ -779,6 +779,7 @@ handle_spawn (PortalFlatpak *object, guint sandbox_flags = 0; gboolean sandboxed; gboolean expose_pids; + gboolean share_pids; gboolean notify_start; gboolean devel; @@ -1047,7 +1048,9 @@ handle_spawn (PortalFlatpak *object, } expose_pids = (arg_flags & FLATPAK_SPAWN_FLAGS_EXPOSE_PIDS) != 0; - if (expose_pids) + share_pids = (arg_flags & FLATPAK_SPAWN_FLAGS_SHARE_PIDS) != 0; + + if (expose_pids || share_pids) { g_autofree char *instance_id = NULL; int sender_pid1 = 0; @@ -1056,7 +1059,7 @@ handle_spawn (PortalFlatpak *object, { g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_NOT_SUPPORTED, - "Expose pids not supported"); + "Expose pids not supported with setuid bwrap"); return G_DBUS_METHOD_INVOCATION_HANDLED; } @@ -1079,7 +1082,11 @@ handle_spawn (PortalFlatpak *object, } g_ptr_array_add (flatpak_argv, g_strdup_printf ("--parent-pid=%d", sender_pid1)); - g_ptr_array_add (flatpak_argv, g_strdup ("--parent-expose-pids")); + + if (share_pids) + g_ptr_array_add (flatpak_argv, g_strdup ("--parent-share-pids")); + else + g_ptr_array_add (flatpak_argv, g_strdup ("--parent-expose-pids")); } notify_start = (arg_flags & FLATPAK_SPAWN_FLAGS_NOTIFY_START) != 0; @@ -1278,7 +1285,7 @@ handle_spawn (PortalFlatpak *object, pid_data->pid = pid; pid_data->client = g_strdup (g_dbus_method_invocation_get_sender (invocation)); pid_data->watch_bus = (arg_flags & FLATPAK_SPAWN_FLAGS_WATCH_BUS) != 0; - pid_data->expose_pids = expose_pids; + pid_data->expose_or_share_pids = (expose_pids || share_pids); pid_data->child_watch = g_child_watch_add_full (G_PRIORITY_DEFAULT, pid, child_watch_died, 
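Review bot: In handle_spawn the `expose_pids || share_pids` branch treats the two flags alike, yet SHARE_PIDS is the wider grant: per the interface XML in this commit it also exposes the caller's process IDs inside the new sandbox. Nothing in the visible hunks looks at whether the request also carries FLATPAK_SPAWN_FLAGS_SANDBOX, so a child that was asked to be more confined than its caller would still see the caller's processes; if that is intended, say so in a comment next to `share_pids = (arg_flags & FLATPAK_SPAWN_FLAGS_SHARE_PIDS) != 0;`, otherwise return G_DBUS_ERROR_INVALID_ARGS for the combination. Separately, the not-supported error in the `-1056` hunk still names only "Expose pids" when the caller asked for sharing; `"Expose/share pids not supported with setuid bwrap"` would match the request. The function body extends beyond these hunks.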
@@ -2679,7 +2686,7 @@ on_bus_acquired (GDBusConnection *connection, g_dbus_interface_skeleton_set_flags (G_DBUS_INTERFACE_SKELETON (portal), G_DBUS_INTERFACE_SKELETON_FLAGS_HANDLE_METHOD_INVOCATIONS_IN_THREAD); - portal_flatpak_set_version (PORTAL_FLATPAK (portal), 4); + portal_flatpak_set_version (PORTAL_FLATPAK (portal), 5); portal_flatpak_set_supports (PORTAL_FLATPAK (portal), supports); g_signal_connect (portal, "handle-spawn", G_CALLBACK (handle_spawn), NULL); diff --git a/portal/flatpak-portal.h b/portal/flatpak-portal.h index 407be250..7b95fd81 100644 --- a/portal/flatpak-portal.h +++ b/portal/flatpak-portal.h @@ -29,6 +29,7 @@ typedef enum { FLATPAK_SPAWN_FLAGS_WATCH_BUS = 1 << 4, FLATPAK_SPAWN_FLAGS_EXPOSE_PIDS = 1 << 5, FLATPAK_SPAWN_FLAGS_NOTIFY_START = 1 << 6, + FLATPAK_SPAWN_FLAGS_SHARE_PIDS = 1 << 7, } FlatpakSpawnFlags; typedef enum { @@ -44,13 +45,18 @@ typedef enum { FLATPAK_SPAWN_SUPPORT_FLAGS_EXPOSE_PIDS = 1 << 0, } FlatpakSpawnSupportFlags; +/* The same flag is reused: this feature is available under the same + * circumstances */ +#define FLATPAK_SPAWN_SUPPORT_FLAGS_SHARE_PIDS FLATPAK_SPAWN_SUPPORT_FLAGS_EXPOSE_PIDS + #define FLATPAK_SPAWN_FLAGS_ALL (FLATPAK_SPAWN_FLAGS_CLEAR_ENV | \ FLATPAK_SPAWN_FLAGS_LATEST_VERSION | \ FLATPAK_SPAWN_FLAGS_SANDBOX | \ FLATPAK_SPAWN_FLAGS_NO_NETWORK | \ FLATPAK_SPAWN_FLAGS_WATCH_BUS | \ FLATPAK_SPAWN_FLAGS_EXPOSE_PIDS | \ - FLATPAK_SPAWN_FLAGS_NOTIFY_START) + FLATPAK_SPAWN_FLAGS_NOTIFY_START | \ + FLATPAK_SPAWN_FLAGS_SHARE_PIDS) #define FLATPAK_SPAWN_SANDBOX_FLAGS_ALL (FLATPAK_SPAWN_SANDBOX_FLAGS_SHARE_DISPLAY | \ FLATPAK_SPAWN_SANDBOX_FLAGS_SHARE_SOUND | \
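Review bot: The comment above `FLATPAK_SPAWN_SUPPORT_FLAGS_SHARE_PIDS` in portal/flatpak-portal.h says the bit is reused but not that it cannot be trusted on its own, since a version 4 portal sets the same bit and does not know FLATPAK_SPAWN_FLAGS_SHARE_PIDS. The interface XML states the version condition and the header should carry it too, e.g. `/* Same bit as EXPOSE_PIDS; it only implies SHARE_PIDS when the interface version is >= 5 */`. It would also help to note there that a caller which skips the version check presumably gets an error from an older portal (the XML says unknown flags are an error), not a silently different namespace setup.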