From ceea3cefad88d17b8e6629f201de2c5d316dff36 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 27 Aug 2020 15:58:47 +0100 Subject: [PATCH] context: Forbid --filesystem=/ Making it an equivalent of --filesystem=host would be misleading, because it wouldn't do what you'd think it does: host mounts some host system directories in their usual places, but others below /run/host. Signed-off-by: Simon McVittie (cherry picked from commit 02094b4f39e0bcb2d2e4c82926154c584759d0e1) --- common/flatpak-context.c | 11 +++++++++++ tests/test-exports.c | 3 +++ 2 files changed, 14 insertions(+) diff --git a/common/flatpak-context.c b/common/flatpak-context.c index 50e4c07c..a4eb41f5 100644 --- a/common/flatpak-context.c +++ b/common/flatpak-context.c @@ -802,6 +802,17 @@ flatpak_context_parse_filesystem (const char *filesystem_and_mode, else break; } + + if (filesystem[0] == '/' && filesystem[1] == '\0') + { + /* We don't allow --filesystem=/ as equivalent to host, because + * it doesn't do what you'd think: --filesystem=host mounts some + * host directories in /run/host, not in the root. */ + g_set_error (error, G_OPTION_ERROR, G_OPTION_ERROR_BAD_VALUE, + _("--filesystem=/ is not available, " + "use --filesystem=host for a similar result")); + return FALSE; + } } if (g_strv_contains (flatpak_context_special_filesystems, filesystem) || diff --git a/tests/test-exports.c b/tests/test-exports.c index 2854155b..55a06c09 100644 --- a/tests/test-exports.c +++ b/tests/test-exports.c @@ -241,11 +241,14 @@ typedef struct static const NotFilesystem not_filesystems[] = { + { "", G_OPTION_ERROR_FAILED }, { "homework", G_OPTION_ERROR_FAILED }, { "xdg-download/foo/bar/..", G_OPTION_ERROR_BAD_VALUE }, { "xdg-download/../foo/bar", G_OPTION_ERROR_BAD_VALUE }, { "xdg-download/foo/../bar", G_OPTION_ERROR_BAD_VALUE }, { "xdg-run", G_OPTION_ERROR_FAILED }, + { "/", G_OPTION_ERROR_BAD_VALUE }, + { "/////././././././//////", G_OPTION_ERROR_BAD_VALUE }, }; typedef struct