From cc36dbcbbfae2cf82a0aa69654b6a3abe908cdbf Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Tue, 22 Nov 2016 11:39:58 +0100 Subject: [PATCH] run: Allow --filesystem=foo to expose sockets We already kind of support this by exposing the parent directory, so this isn't really less secure, and you should not be able to access it unless your user is allowed to anyway. --- common/flatpak-run.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/common/flatpak-run.c b/common/flatpak-run.c index a41dc548..8281037e 100644 --- a/common/flatpak-run.c +++ b/common/flatpak-run.c @@ -2295,7 +2295,8 @@ add_expose_path (GHashTable *hash_table, if (S_ISDIR (st.st_mode) || S_ISREG (st.st_mode) || - S_ISLNK (st.st_mode)) + S_ISLNK (st.st_mode) || + S_ISSOCK (st.st_mode)) { FlatpakFilesystemMode old_mode;