From bfd43c1f98f4830ed55f87b0d6464245eacc0abc Mon Sep 17 00:00:00 2001 From: Mario Sanchez Prada Date: Fri, 25 Nov 2016 12:03:38 +0000 Subject: [PATCH] Check if symlink target for /etc/localtime exists in the runtime On unmonitored systems (if the session helper is not available), we currently decide whether to create a symlink or a read-only bind mount for /etc/localtime based on whether that's a symlink in the host or not, but we don't check whether that symlink would be reachable in the sandboxed environment, which might lead to bad situations. This patch adds some extra checks relying on GFile's API to check whether that symlink would be reachable before making the final decision: if it's not, then do a bind mount despite of the file being a symlink in the host. https://github.com/flatpak/flatpak/issues/409 --- common/flatpak-run.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/common/flatpak-run.c b/common/flatpak-run.c index a3afc707..f510a94a 100644 --- a/common/flatpak-run.c +++ b/common/flatpak-run.c @@ -3270,11 +3270,27 @@ add_monitor_path_args (gboolean use_session_helper, { char localtime[PATH_MAX + 1]; ssize_t symlink_size; + gboolean is_reachable = FALSE; symlink_size = readlink ("/etc/localtime", localtime, sizeof (localtime) - 1); if (symlink_size > 0) { + g_autoptr(GFile) base_file = NULL; + g_autoptr(GFile) target_file = NULL; + g_autofree char *target_canonical = NULL; + + /* readlink() does not append a null byte to the buffer. */ localtime[symlink_size] = 0; + + base_file = g_file_new_for_path ("/etc"); + target_file = g_file_resolve_relative_path (base_file, localtime); + target_canonical = g_file_get_path (target_file); + + is_reachable = g_str_has_prefix (target_canonical, "/usr/"); + } + + if (is_reachable) + { add_args (argv_array, "--symlink", localtime, "/etc/localtime", NULL);