Check if symlink target for /etc/localtime exists in the runtime

On unmonitored systems (if the session helper is not available), we currently decide whether to create a symlink or a read-only bind mount for /etc/localtime based on whether that's a symlink in the host or not, but we don't check whether that symlink would be reachable in the sandboxed environment, which might lead to bad situations. This patch adds some extra checks relying on GFile's API to check whether that symlink would be reachable before making the final decision: if it's not, then do a bind mount despite of the file being a symlink in the host. https://github.com/flatpak/flatpak/issues/409
2026-03-14 05:02:44 -04:00 · 2016-11-25 12:03:38 +00:00
parent 7975dc489e
commit bfd43c1f98
1 changed files with 16 additions and 0 deletions
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -3270,11 +3270,27 @@ add_monitor_path_args (gboolean use_session_helper,
        {
          char localtime[PATH_MAX + 1];
          ssize_t symlink_size;
+          gboolean is_reachable = FALSE;

          symlink_size = readlink ("/etc/localtime", localtime, sizeof (localtime) - 1);
          if (symlink_size > 0)
            {
+              g_autoptr(GFile) base_file = NULL;
+              g_autoptr(GFile) target_file = NULL;
+              g_autofree char *target_canonical = NULL;
+
+              /* readlink() does not append a null byte to the buffer. */
              localtime[symlink_size] = 0;
+
+              base_file = g_file_new_for_path ("/etc");
+              target_file = g_file_resolve_relative_path (base_file, localtime);
+              target_canonical = g_file_get_path (target_file);
+
+              is_reachable = g_str_has_prefix (target_canonical, "/usr/");
+            }
+
+          if (is_reachable)
+            {
              add_args (argv_array,
                        "--symlink", localtime, "/etc/localtime",
                        NULL);