This will replace all the custom handling of context options
for metadata files and command line args. It also changes how
the permissions etc are serialized in the metadata files to a
saner format.
This changes the application prefix to /app, which has the
advantage of being the same length as /usr. This may help
making some packages relocatable.
We make /self a symlink to /app for now, to keep existing images
working, but at some point we will probably remove this.
When reading the authentication messages we don't know the
packet size, so we may read too much data, getting a partial
(or full) dbus message after the authentication end.
This commit does a better job looking for the authentication end,
and when found it queues any leftover data from the buffer and
reads it instead of the socket input in the next iteration.
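The buffering described in this commit, as an added example (not code from xdg-app or this commit): the client side of the D-Bus SASL exchange is read in fixed-size chunks, the terminating "BEGIN\r\n" line is located, and anything read past it is queued so the next read() returns the queued bytes before touching the socket again. The sample byte stream is constructed for the example; the chunk sizes, class and function names are the example's own.

```python
import io
from typing import List, Tuple

# The client side of the D-Bus SASL exchange ends with the line "BEGIN\r\n";
# every byte after it is message data, not auth data.
AUTH_END = b"BEGIN\r\n"


def find_auth_end(buf: bytes) -> int:
    """Return the offset just past the terminating BEGIN line, or -1.

    The match is anchored to a line start so that a BEGIN token inside
    another auth line (e.g. free text in an ERROR line) is not mistaken
    for the end of authentication."""
    idx = buf.find(AUTH_END)
    while idx != -1:
        if idx == 0 or (idx >= 2 and buf[idx - 2:idx] == b"\r\n"):
            return idx + len(AUTH_END)
        idx = buf.find(AUTH_END, idx + 1)
    return -1


class ProxyReader:
    """Reads from a socket-like object, draining queued leftover bytes first."""

    def __init__(self, sock, chunk_size: int = 16):
        self.sock = sock          # anything with .read(n); a real socket would use recv(n)
        self.chunk_size = chunk_size
        self.leftover = b""       # bytes read past the auth end, queued for the next read

    def read(self) -> bytes:
        # Queued data is consumed before the socket is read again.
        if self.leftover:
            data, self.leftover = self.leftover, b""
            return data
        return self.sock.read(self.chunk_size)

    def read_auth(self) -> List[bytes]:
        """Consume the client auth lines; queue whatever arrived after BEGIN."""
        buf = b""
        while True:
            chunk = self.read()
            if not chunk:
                raise ConnectionError("connection closed before authentication finished")
            buf += chunk
            end = find_auth_end(buf)
            if end != -1:
                break
        auth, self.leftover = buf[:end], buf[end:]
        if auth.startswith(b"\0"):   # the protocol's leading NUL credentials byte
            auth = auth[1:]
        return auth.split(b"\r\n")[:-1]


def run_client_side(stream: bytes, chunk_size: int) -> Tuple[List[bytes], bytes]:
    """Feed a captured client byte stream through the reader in fixed-size chunks.

    Returns the auth lines and every byte that followed them, in order."""
    reader = ProxyReader(io.BytesIO(stream), chunk_size)
    auth_lines = reader.read_auth()
    message_bytes = b""
    while True:
        data = reader.read()
        if not data:
            break
        message_bytes += data
    return auth_lines, message_bytes


# Constructed sample (not a real capture): a client's auth exchange directly
# followed by the start of its first message (a D-Bus fixed header: 'l' for
# little-endian, message type 1 = METHOD_CALL).
CLIENT_STREAM = (
    b"\0AUTH EXTERNAL 31303030\r\n"
    b"NEGOTIATE_UNIX_FD\r\n"
    b"BEGIN\r\n"
    b"l\x01\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x6d\x00\x00\x00"
)

if __name__ == "__main__":
    # Whatever the chunk size, the message bytes come out intact after BEGIN.
    for size in (1, 7, 64):
        lines, msg = run_client_side(CLIENT_STREAM, size)
        print(size, lines, msg[:4])
```

The chunk size deliberately does not divide the auth prefix evenly, so the read that finds BEGIN also carries part (or, with a large chunk, all) of the first message; that tail is what ends up in leftover rather than being dropped.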
Instead of mounting our own sysfs instance we bind mount in only
a subset of the /sys subdirectories from the host. This has several
advantages:
* If something was covered out in the host we will shadow that (i.e.
the app will never see more of sysfs than non xdg-apps)
* We can avoid showing some weird parts of sysfs, focusing on the
device descriptions needed for e.g. mesa
* Bind mounts are allowed in a non-root user-namespace, whereas
the sysfs mount is not, taking us one step closer to that.
It's not totally unheard of to use network during builds, for
instance to download packages. This does so via a straight
(readonly) bind mount of the host version.
This is slightly different from what xdg-app run does, as
that relies on a full session and xdg-app-helper, but instead
that handles the config changing during runtime.
If the session bus is allowed we get unfiltered access to it, but if
it is not, then we install a filter with the policy specified by the
runtime and the app.
By default you can always own your app-id and wildcarded names below
it (i.e. org.gnome.gedit and org.gnome.gedit.*). On top of that we add
all the policies specified in the metadata for the runtime, and then
the metadata from the application.
The metadata policy config looks like this:
[Session Bus Policy]
ca.desrt.dconf=talk
org.gtk.*=see
org.my.name=own
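The policy assembly described above, as an added example (not code from xdg-app or this commit): the [Session Bus Policy] group is read from the runtime metadata and then from the application metadata, layered on top of the default rules that let the app own its own app-id and any wildcarded name below it. The metadata texts are constructed for the example. Two things are assumptions of the example rather than statements about xdg-app: the ordering none < see < talk < own, and that a name's effective policy is the most permissive of its exact rule and every matching wildcard rule.

```python
import configparser
from typing import Dict

# Assumed ordering of the policy levels, most restrictive first.
LEVELS = {"none": 0, "see": 1, "talk": 2, "own": 3}
SECTION = "Session Bus Policy"


def parse_policy(metadata: str) -> Dict[str, int]:
    """Read the [Session Bus Policy] group of one metadata file."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # bus names are case-sensitive; do not lowercase keys
    cp.read_string(metadata)
    if not cp.has_section(SECTION):
        return {}
    rules: Dict[str, int] = {}
    for name, level in cp.items(SECTION):
        if level not in LEVELS:
            raise ValueError(f"unknown policy {level!r} for {name}")
        rules[name] = LEVELS[level]
    return rules


def build_policy(app_id: str, runtime_metadata: str, app_metadata: str) -> Dict[str, int]:
    """Defaults first, then runtime rules, then app rules (later entries override)."""
    policy = {app_id: LEVELS["own"], app_id + ".*": LEVELS["own"]}
    policy.update(parse_policy(runtime_metadata))
    policy.update(parse_policy(app_metadata))
    return policy


def lookup(policy: Dict[str, int], bus_name: str) -> str:
    """Effective policy for a name: max of the exact rule and all wildcard rules
    whose prefix covers it (assumed merge rule, see lead-in)."""
    level = policy.get(bus_name, 0)
    parts = bus_name.split(".")
    for i in range(len(parts) - 1, 0, -1):
        level = max(level, policy.get(".".join(parts[:i]) + ".*", 0))
    return next(name for name, value in LEVELS.items() if value == level)


def allowed(policy: Dict[str, int], bus_name: str, needed: str) -> bool:
    """Would the filter let an operation needing `needed` through for `bus_name`?"""
    return LEVELS[lookup(policy, bus_name)] >= LEVELS[needed]


# Constructed sample metadata; the other groups are included only to show
# that the parser ignores everything outside [Session Bus Policy].
RUNTIME_METADATA = """[Runtime]
name=org.gnome.Platform

[Session Bus Policy]
ca.desrt.dconf=talk
org.gtk.*=see
"""

APP_METADATA = """[Application]
name=org.gnome.gedit

[Session Bus Policy]
org.gtk.vfs.Daemon=talk
org.my.name=own
"""

if __name__ == "__main__":
    policy = build_policy("org.gnome.gedit", RUNTIME_METADATA, APP_METADATA)
    for name in ("org.gnome.gedit", "org.gnome.gedit.Plugin", "ca.desrt.dconf",
                 "org.gtk.Notifications", "org.gtk.vfs.Daemon", "org.freedesktop.Notifications"):
        print(f"{name:32} {lookup(policy, name)}")
```

Because the app's metadata is applied last, it can raise org.gtk.vfs.Daemon from the runtime's wildcard "see" to "talk"; a name that no rule covers stays at "none", which is the deny-by-default behaviour a filtering proxy needs.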
* Convert LD_LIBRARY_PATH in [Vars] to _LD_LIBRARY_PATH in the env
so that it's properly propagated.
* Always unset the regular LD_LIBRARY_PATH in the app if
_LD_LIBRARY_PATH is unset.
* Always unset LD_LIBRARY_PATH as passed to the helper to
avoid it getting some weird effect.
Some env vars (like LD_LIBRARY_PATH) were set by the helper, which
made it hard to override it. We instead set all these from the
launcher which gives us the same result but greater control.
For LD_LIBRARY_PATH in particular we pass it as _LD_LIBRARY_PATH
to avoid the env var affecting the helper.