Fix issues with XDG_RUNTIME_DIR being /var/run which is a symlink

Whenever we use $XDG_RUNTIME_DIR and expose it somehow in the sandbox
we fully resolve the path, because if (as happens on gentoo for instance)
it contains /var/run -> ../run, then flatpak thinks we need to
add the /var/run symlink in the runtime even though we already
exposed that.

Closes: #2710
Approved by: matthiasclasen

(cherry picked from commit 28e96288c4)
Alexander Larsson
2019-02-19 15:47:06 +01:00
parent 4f7286972e
commit dbf3c00f53
4 changed files with 26 additions and 8 deletions


@@ -653,7 +653,7 @@ get_xdg_user_dir_from_string (const char *filesystem,
if (config_key)
*config_key = NULL;
if (dir)
*dir = g_get_user_runtime_dir ();
*dir = flatpak_get_real_xdg_runtime_dir ();
return TRUE;
}
@@ -2087,8 +2087,9 @@ flatpak_context_append_bwrap_filesystem (FlatpakContext *context,
if (app_id_dir != NULL)
{
g_autofree char *user_runtime_dir = flatpak_get_real_xdg_runtime_dir ();
g_autofree char *run_user_app_dst = g_strdup_printf ("/run/user/%d/app/%s", getuid (), app_id);
g_autofree char *run_user_app_src = g_build_filename (g_get_user_runtime_dir (), "app", app_id, NULL);
g_autofree char *run_user_app_src = g_build_filename (user_runtime_dir, "app", app_id, NULL);
if (glnx_shutil_mkdir_p_at (AT_FDCWD,
run_user_app_src,
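Review bot: In get_xdg_user_dir_from_string the runtime-dir branch now stores a heap-allocated string in `*dir`, where `g_get_user_runtime_dir ()` used to hand back a GLib-owned one, so ownership of the out-parameter differs from branch to branch unless the rest of the function was changed as well. If callers still treat `*dir` as borrowed, each use of this branch leaks the realpath() buffer; if they start freeing it, the other branches must return copies too. I would make the contract uniform, for example by having every branch `g_strdup ()` its result and documenting it with `/* *dir is newly allocated; the caller frees it */`. The signature, the other branches and the callers are outside this hunk, so this needs confirming against the full function.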


@@ -234,6 +234,7 @@ static gboolean
flatpak_run_add_wayland_args (FlatpakBwrap *bwrap)
{
const char *wayland_display;
g_autofree char *user_runtime_dir = flatpak_get_real_xdg_runtime_dir ();
g_autofree char *wayland_socket = NULL;
g_autofree char *sandbox_wayland_socket = NULL;
gboolean res = FALSE;
@@ -243,7 +244,7 @@ flatpak_run_add_wayland_args (FlatpakBwrap *bwrap)
if (!wayland_display)
wayland_display = "wayland-0";
wayland_socket = g_build_filename (g_get_user_runtime_dir (), wayland_display, NULL);
wayland_socket = g_build_filename (user_runtime_dir, wayland_display, NULL);
sandbox_wayland_socket = g_strdup_printf ("/run/user/%d/%s", getuid (), wayland_display);
if (stat (wayland_socket, &statbuf) == 0 &&
@@ -400,12 +401,13 @@ flatpak_run_add_pulseaudio_args (FlatpakBwrap *bwrap)
{
g_autofree char *pulseaudio_server = flatpak_run_get_pulseaudio_server ();
g_autofree char *pulseaudio_socket = NULL;
g_autofree char *user_runtime_dir = flatpak_get_real_xdg_runtime_dir ();
if (pulseaudio_server)
pulseaudio_socket = flatpak_run_parse_pulse_server (pulseaudio_server);
if (!pulseaudio_socket)
pulseaudio_socket = g_build_filename (g_get_user_runtime_dir (), "pulse/native", NULL);
pulseaudio_socket = g_build_filename (user_runtime_dir, "pulse/native", NULL);
flatpak_bwrap_unset_env (bwrap, "PULSE_SERVER");
@@ -455,7 +457,8 @@ flatpak_run_add_journal_args (FlatpakBwrap *bwrap)
static char *
create_proxy_socket (char *template)
{
g_autofree char *proxy_socket_dir = g_build_filename (g_get_user_runtime_dir (), ".dbus-proxy", NULL);
g_autofree char *user_runtime_dir = flatpak_get_real_xdg_runtime_dir ();
g_autofree char *proxy_socket_dir = g_build_filename (user_runtime_dir, ".dbus-proxy", NULL);
g_autofree char *proxy_socket = g_build_filename (proxy_socket_dir, template, NULL);
int fd;
@@ -687,7 +690,7 @@ add_bwrap_wrapper (FlatpakBwrap *bwrap,
g_auto(GLnxDirFdIterator) dir_iter = { 0 };
struct dirent *dent;
g_autofree char *user_runtime_dir = realpath (g_get_user_runtime_dir (), NULL);
g_autofree char *user_runtime_dir = flatpak_get_real_xdg_runtime_dir ();
g_autofree char *proxy_socket_dir = g_build_filename (user_runtime_dir, ".dbus-proxy/", NULL);
app_info_fd = open (app_info_path, O_RDONLY | O_CLOEXEC);
@@ -1694,7 +1697,8 @@ flatpak_run_gc_ids (void)
static char *
flatpak_run_allocate_id (int *lock_fd_out)
{
g_autofree char *base_dir = g_build_filename (g_get_user_runtime_dir (), ".flatpak", NULL);
g_autofree char *user_runtime_dir = flatpak_get_real_xdg_runtime_dir ();
g_autofree char *base_dir = g_build_filename (user_runtime_dir, ".flatpak", NULL);
int count;
g_mkdir_with_parents (base_dir, 0755);
@@ -1959,12 +1963,13 @@ flatpak_run_add_app_info_args (FlatpakBwrap *bwrap,
g_autofree char *instance_id_host_dir = NULL;
g_autofree char *instance_id_sandbox_dir = NULL;
g_autofree char *instance_id_lock_file = NULL;
g_autofree char *user_runtime_dir = flatpak_get_real_xdg_runtime_dir ();
instance_id = flatpak_run_allocate_id (&lock_fd);
if (instance_id == NULL)
return flatpak_fail_error (error, FLATPAK_ERROR_SETUP_FAILED, _("Unable to allocate instance id"));
instance_id_host_dir = g_build_filename (g_get_user_runtime_dir (), ".flatpak", instance_id, NULL);
instance_id_host_dir = g_build_filename (user_runtime_dir, ".flatpak", instance_id, NULL);
instance_id_sandbox_dir = g_strdup_printf ("/run/user/%d/.flatpak/%s", getuid (), instance_id);
instance_id_lock_file = g_build_filename (instance_id_sandbox_dir, ".ref", NULL);
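Review bot: flatpak_run_add_app_info_args resolves the runtime directory itself and then calls flatpak_run_allocate_id, which resolves it a second time for `base_dir`, so the id is presumably allocated under one realpath() result and `instance_id_host_dir` is built from another. The two will normally agree, but resolving once and passing the path down (or having flatpak_run_allocate_id return the host directory it used) guarantees that both refer to the same location even if a symlink in the path changes between the calls. As a smaller style point, flatpak_run_add_pulseaudio_args resolves `user_runtime_dir` up front although it is only needed on the fallback branch. All of these functions continue outside the hunks shown.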


@@ -90,6 +90,10 @@ void flatpak_debug2 (const char *format,
gint flatpak_strcmp0_ptr (gconstpointer a,
gconstpointer b);
/* Sometimes this is /var/run which is a symlink, causing weird issues when we pass
* it as a path into the sandbox */
char * flatpak_get_real_xdg_runtime_dir (void);
gboolean flatpak_has_path_prefix (const char *str,
const char *prefix);


@@ -223,6 +223,14 @@ flatpak_strcmp0_ptr (gconstpointer a,
return g_strcmp0 (*(char * const *) a, *(char * const *) b);
}
/* Sometimes this is /var/run which is a symlink, causing weird issues when we pass
* it as a path into the sandbox */
char *
flatpak_get_real_xdg_runtime_dir (void)
{
return realpath (g_get_user_runtime_dir (), NULL);
}
/* Compares if str has a specific path prefix. This differs
from a regular prefix in two ways. First of all there may
be multiple slashes separating the path elements, and
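Review bot: flatpak_get_real_xdg_runtime_dir returns realpath()'s result unchecked, and realpath() yields NULL when the directory is missing or cannot be traversed; none of the call sites added in this commit test for that. As far as I know g_build_filename stops at the first NULL argument, so calls such as `g_build_filename (user_runtime_dir, ".flatpak", NULL)` would collapse to an empty path instead of failing visibly, and the socket and instance-directory setup would likely be skipped or fail without pointing at the cause. Falling back to the unresolved path keeps the previous behaviour on failure: `char *p = realpath (g_get_user_runtime_dir (), NULL); return p ? p : g_strdup (g_get_user_runtime_dir ());`. The comment above the function should also state that the result is newly allocated and owned by the caller.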