Prevent the user from running a flatpak app if that app is filtered by
the parental controls applied to the user.
If flatpak is running as a system user (UID < 1000), ignore failure to
load the app filter. This could happen if a flatpak is run in the
gnome-initial-setup session, before the user’s account is created.
Includes contributions by André Magalhães.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
https://github.com/flatpak/flatpak/pull/2797
Otherwise the build failed on older glib version, but with this setup
we still disable all the GTimeVal deprecation warnings.
Closes: #3122
Approved by: alexlarsson
We generally want to avoid using deprecated stuff as much as we
can, while still depending on an old glib version. However, the GTimeVal
deprecation in 2.62 just is impossible to work around without bumping
the requirements, so ignore newer deprecations.
Closes: #3119
Approved by: alexlarsson
The libxml API is used in a relatively few places inside the 'common'
sub-directory. It's definitely not as widespread as GLib. A subsequent
commit will leverage this to prevent unused shared libraries from
being linked to the session helper.
Closes: #3052
Approved by: alexlarsson
The libarchive API is used in a relatively few places inside the
'common' sub-directory. It's definitely not as widespread as GLib. A
subsequent commit will leverage this to prevent unused shared
libraries from being linked to the session helper.
Closes: #3052
Approved by: alexlarsson
Historycally the system helper has been running in a generic
unconfined_service_t domain. However, this caused problems with the
new revokefs support, because passing the revokefs unix domain socket
over the system bus got it kicked of the bus, because to do this
dbus-daemon needs rw rights to the socket.
So, this module creates a custom domain flatpak_helper_t, which
allows us to add special permissions to dbus-daemon to allow
access to its sockets.
The domain is otherwise uncontained just like before. I did try
to make it contained, but that is a lot of work as the permissions
it needs are very complex.
Note to packagers on selinux systems, for flatpak to work well
you need to install this module and relabel the system-helper
binary.
In my testing on fedora I used something like this:
%post
%selinux_modules_install %{_datadir}/selinux/packages/flatpak.pp.bz2
%postun
if [ $1 -eq 0 ]; then
%selinux_modules_uninstall %{_datadir}/selinux/packages/flatpak.pp.bz2
fi
With these new files:
%{_datadir}/selinux/packages/flatpak.pp.bz2
%{_datadir}/selinux/devel/include/contrib/flatpak.if
Closes: #2657
Approved by: alexlarsson
This adds a new helper method "GetRevokefsFd" which is responsible
for spawning the backend part of the revokefs filesystem. It takes care
of creating a cache location for the backing directory in repo/tmp.
This cache location is transferred over D-Bus to the client with the
other end socket fd.
The client on receiving the socket fd creates a mountpoint directory and
spawns the revokefs-fuse filesystem. It then creates a child repo for the
pull. In any case of failure, it fallbacks on the current code path
(which causes temporary duplication of files on disk).
The backing dir itself and all files written to it by the revokefs-fuse
backend process are owned by the "flatpak" user. After the pull in the
child repo is completed, it's ownership is then canoncalized with owner=root
and permissions as per bare-user-only in Deploy().
Now we have fulfilled all the criteria to hardlink the child repo into
the system one and avoid duplication. See [1].
If there is existing cache directory available in repo/tmp, it will be
mounted using revokefs-fuse for the current pull. Hence, it is possible
to recover the previous partial pull which might have failed due to some
error.
[1] https://github.com/ostreedev/ostree/pull/1776Closes: #2657
Approved by: alexlarsson
We want to move away from using dconf inside the sandbox,
and instead use the keyfile backend for GSettings, which
has gained the capability to read defaults and locks.
This change makes the dconf database contents and locks
available in a suitable format. The files appear inside
the sandbox in the /etc/glib-2.0/settings directory.
We only export the default values for keys in the dconf
subtree whose path matches the app id, as well as prefixes
listed in paths key from the X-DConf group in metadata.
This commit adds a new dependency, since we're now linking
against libdconf.
Closes: #2295
Approved by: alexlarsson
This is a script that program that gets run by systemd
before every user service to set up the environment.
See systemd.environment-generator(7) for details.
Closes: #2122
Approved by: matthiasclasen
Install a polkit text agent that can ask for
authorization when we are on the console.
This brings us closer to best practice for polkit use.
Closes: #2379
Approved by: alexlarsson
A convenience wrapper around ostree_repo_get_min_free_space_bytes().
Clients programs like gnome-software can get the value of minimum free
space as defined in the OSTree repo. This can be useful in various
disk-space checks these client program can implement.
At Endless, we have downstream heuristics in gnome-software which
determine the success/failure likelihood of an install/update
operation to some extend. Depending upon the likelihood of the
success/failure we dispatch install/update/auto-update operations.
With client programs gaining features such as auto-updates, it makes
sense to have a min-free-space API so that these programs can check
free-space availablity vs minimum free space defined by user inside
OSTree's repo before auto-updating. Although, OSTree will certainly
fail operations over-stepping min-free-space's value; It's just a
matter of convenience to provide a way to query the value to client
programs as well.
Closes: #2274
Approved by: matthiasclasen
The history command pulls the transaction log entries
out of the journal, and presents them nicely.
We use the sd-journal api for this, so we need to
link against libsystemd now, but we make the dependency
optional. If libsystemd is not available, the history
command will simply print an error.
This adds a --enable-coverage configure option and a
coverage target to generate coverage testing for
the testsuite. The generated html ends up in the
coverage/ directory.
Closes: #2187
Approved by: alexlarsson
Use min-free-space-size as a replacement for min-free-space-percent.
Previously, flatpak used to disable min-free-space-percent by re-writing
the config with min-free-space-percent=0. As the new version of ostree (2018.7)
now supports min-free-space-size, we should use that and migrate from -percent
option in existing repos to -size=500MB.
Config is rewritten with min-free-space-size in case of:
1) It has min-free-space-percent=0 only. (That is probably from the
previous re-writes).
2) If there are no min-free-space-* options.
Other than that, the config remains unchanged and the co-existence(if any)
of these options is governed by ostree.
https://github.com/flatpak/flatpak/issues/1826Closes: #1912
Approved by: alexlarsson
Now that flatpak depends on ostree 2018.6 we don't need to check if we
have 2018.5. Remove the check and update a comment.
Closes: #1813
Approved by: alexlarsson
