Commit Graph

68 Commits

Author SHA1 Message Date
Alexander Larsson
47c705db03 portals: Only give blanket access to session-*.scope systemd cgroup
This way we won't give false positives if the user systemd session is
not running.
2015-11-26 17:37:46 +01:00
Alexander Larsson
f5cadc018b Support defining read-only filesystem access
If you do something like "--filesystem=host:ro" you get a read-only mount
of the specified filesystem location.
2015-11-26 17:22:37 +01:00
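The `--filesystem=host:ro` form from the commit message, as an added example that is not xdg-app's own code: a small parser for a `<location>[:ro|:rw]` argument. The `FilesystemSpec` type, the accepted location names (`host`, `home`, `xdg-*`, absolute and `~/` paths) and the rule that only a trailing `:ro`/`:rw` counts as a mode suffix are assumptions made for illustration, not taken from the project.

```c
#define _GNU_SOURCE
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Parsed form of one --filesystem= argument (assumed layout, not xdg-app's). */
typedef struct {
    char location[256]; /* "host", "home", "xdg-download", "~/dir" or "/abs/path" */
    bool read_only;     /* true when the argument ended in ":ro" */
} FilesystemSpec;

/* Split "<location>[:ro|:rw]" into its parts. Only a trailing ":ro"/":rw"
 * is treated as a mode suffix, so a colon anywhere else stays in the path.
 * Returns false for an empty or overlong location, or one that is neither
 * a known name, an absolute path, nor a ~/ path (assumed policy). */
bool parse_filesystem_arg(const char *arg, FilesystemSpec *out)
{
    size_t len = strlen(arg);

    out->read_only = false;
    if (len >= 3 && strcmp(arg + len - 3, ":ro") == 0) {
        out->read_only = true;
        len -= 3;
    } else if (len >= 3 && strcmp(arg + len - 3, ":rw") == 0) {
        len -= 3;
    }

    if (len == 0 || len >= sizeof out->location)
        return false;
    memcpy(out->location, arg, len);
    out->location[len] = '\0';

    if (strcmp(out->location, "host") == 0 || strcmp(out->location, "home") == 0)
        return true;
    if (strncmp(out->location, "xdg-", 4) == 0 && out->location[4] != '\0')
        return true;
    if (out->location[0] == '/' || strncmp(out->location, "~/", 2) == 0)
        return true;
    return false; /* relative paths are rejected: nothing to anchor them to */
}

/* Self-check helper: does `arg` parse to the expected location and mode? */
bool parses_as(const char *arg, const char *location, bool read_only)
{
    FilesystemSpec spec;
    return parse_filesystem_arg(arg, &spec) &&
           strcmp(spec.location, location) == 0 &&
           spec.read_only == read_only;
}

int main(void)
{
    const char *args[] = { "host:ro", "~/Projects", "/var/lib:rw",
                           "xdg-download:ro", ":ro", "relative/dir" };
    for (size_t i = 0; i < sizeof args / sizeof args[0]; i++) {
        FilesystemSpec spec;
        if (parse_filesystem_arg(args[i], &spec))
            printf("%-18s -> %s (%s)\n", args[i], spec.location,
                   spec.read_only ? "read-only" : "read-write");
        else
            printf("%-18s -> rejected\n", args[i]);
    }
    return 0;
}
```

Keeping the mode a property of the parsed spec rather than a string comparison at mount time means the same spec can later be checked against an override file or a `--nofilesystem` mask without re-parsing the argument.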
Alexander Larsson
612bf0d08c xdg-app run: Fix support for --filesystem=~/dir
There was a typo here
2015-11-26 15:37:17 +01:00
Alexander Larsson
a16f0251ad Remove unused helper function 2015-11-26 15:25:57 +01:00
Alexander Larsson
f710eb9322 Correct license, we're LGPL 2+, not 3+
Some files accidentally got the LGPL 3+ header, but we
want to be LGPL2+.
2015-11-26 14:50:21 +01:00
Alexander Larsson
787fdee634 Handle PWD env var correctly when spawning apps/builds
Propagate PWD to child, and use it (if correct) instead of getcwd
as the cwd and PWD in the child. This makes things nicer if the
PWD contains a symlink, as we avoid resolving that symlink.
2015-11-25 13:43:22 +01:00
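The PWD policy the commit message describes, as an added example that is not xdg-app's code: trust the inherited PWD only when it is absolute and names the same directory, by device and inode, as the process's real working directory; otherwise fall back to getcwd(). The function names and the constructed fixture under /tmp are assumptions for illustration.

```c
#define _GNU_SOURCE
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Return 1 when `pwd` is an absolute path naming the very directory the
 * process is in (same device and inode as "."), 0 otherwise. A PWD that is
 * relative, missing, or points somewhere else is not trusted. */
int pwd_matches_cwd(const char *pwd)
{
    struct stat pwd_st, cwd_st;

    if (pwd == NULL || pwd[0] != '/')
        return 0;
    if (stat(pwd, &pwd_st) != 0 || stat(".", &cwd_st) != 0)
        return 0;
    return S_ISDIR(pwd_st.st_mode) &&
           pwd_st.st_dev == cwd_st.st_dev &&
           pwd_st.st_ino == cwd_st.st_ino;
}

/* Pick the string to hand the child as both its cwd and its PWD: the
 * inherited PWD when it checks out (so a symlinked path survives), otherwise
 * the resolved getcwd(). The caller frees the result. */
char *child_cwd_from_env(const char *pwd)
{
    if (pwd_matches_cwd(pwd)) {
        char *copy = malloc(strlen(pwd) + 1);
        if (copy)
            strcpy(copy, pwd);
        return copy;
    }
    return getcwd(NULL, 0);
}

/* Constructed fixture: <base>/real and <base>/link -> real under /tmp.
 * cd through the symlink, then check that the symlinked PWD is kept while
 * a PWD naming another directory or a relative one is refused.
 * Returns 1 on success, 0 if the policy misbehaves, -1 on setup failure. */
int demo_symlinked_pwd(void)
{
    char base[PATH_MAX], real[PATH_MAX], link[PATH_MAX], orig[PATH_MAX];
    int result = -1;

    if (!getcwd(orig, sizeof orig))
        return -1;
    snprintf(base, sizeof base, "/tmp/pwddemo.%ld", (long)getpid());
    snprintf(real, sizeof real, "%.*s/real", PATH_MAX - 6, base);
    snprintf(link, sizeof link, "%.*s/link", PATH_MAX - 6, base);

    if (mkdir(base, 0755) != 0 || mkdir(real, 0755) != 0 || symlink("real", link) != 0)
        goto cleanup;
    if (chdir(link) != 0)
        goto cleanup;

    {
        /* A shell would export PWD=<link>; the kernel only knows <real>. */
        char *chosen = child_cwd_from_env(link);
        int kept_symlink = chosen != NULL && strcmp(chosen, link) == 0;
        int forged_rejected = !pwd_matches_cwd(base);   /* exists, but is not "." */
        int relative_rejected = !pwd_matches_cwd("link");
        free(chosen);
        result = kept_symlink && forged_rejected && relative_rejected;
    }

cleanup:
    if (chdir(orig) != 0)
        result = -1;
    unlink(link);
    rmdir(real);
    rmdir(base);
    return result;
}

int main(void)
{
    int r = demo_symlinked_pwd();
    printf("symlinked PWD kept and forged PWD rejected: %s\n",
           r == 1 ? "yes" : (r == 0 ? "NO" : "setup failed"));
    return r == 1 ? 0 : 1;
}
```

The dev/ino comparison is the part that matters for a sandbox launcher: PWD is an environment variable under the caller's control, so it is only a presentation hint and must never be used to choose a directory the process is not actually in.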
Alexander Larsson
dcd17f82a5 Add autoptr cleanup backport for SoupUri 2015-11-25 12:39:41 +01:00
Alexander Larsson
7962be90f2 deploy: Explicitly pull from the origin
If the same branch has been pulled from multiple origins, pick the current
one. This could happen e.g. during update if you change the origin.
2015-11-16 08:25:47 +01:00
Alexander Larsson
c6f4eccd04 lib: Export xdg_app_context_set_session_bus_policy 2015-11-11 11:26:03 +01:00
Alexander Larsson
13b3f19acc Add install-bundle command 2015-11-11 09:38:39 +01:00
Alexander Larsson
368eb5f304 utils: Add xdg_app_supports_bundles
This uses some hacks to check at runtime if ostree is new enough
to support making bundles.
2015-11-10 11:57:30 +01:00
Alexander Larsson
d3b207a0d6 Create custom /etc/passwd and /etc/group with minimal content
There is no particular reason to leak the entire host passwd and group
files, as only the user's uid/gid is mapped anyway. In fact, injecting
the tty group while also not being allowed to chmod the pty to that group
will make grantpt() fail.
2015-10-26 17:23:31 +01:00
Christian Hergert
f06a09b0f9 helper: unblock SIGCHILD before execvp() of child
We don't want to block SIGCHILD from being handled by the child process,
as that could be necessary for g_child_watch_add(), waitpid(), or similar.
2015-10-26 09:07:04 +01:00
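The fix described in the commit message, as an added example that is not xdg-app's helper code: undo a blocked SIGCHLD in the child between fork() and execvp(), because the signal mask is inherited across both calls. The example goes one step beyond the commit and also restores the default disposition, since an ignored SIGCHLD likewise survives exec and makes waitpid() fail with ECHILD. Function names are assumptions for illustration.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* The signal mask and SIG_IGN dispositions survive fork() and execve(), so
 * a parent that blocked or ignored SIGCHLD for its own bookkeeping hands that
 * state to the new program unless the child undoes it before exec.
 * Returns 0 on success, -1 on error. */
int reset_sigchld_for_exec(void)
{
    sigset_t set;
    struct sigaction sa;

    sigemptyset(&set);
    sigaddset(&set, SIGCHLD);
    if (sigprocmask(SIG_UNBLOCK, &set, NULL) != 0)
        return -1;

    /* Beyond the commit: an ignored SIGCHLD also survives exec and makes
     * waitpid() fail with ECHILD, so put the default disposition back. */
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = SIG_DFL;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGCHLD, &sa, NULL);
}

/* 1 if SIGCHLD is blocked in the calling thread, 0 if not, -1 on error. */
int sigchld_is_blocked(void)
{
    sigset_t cur;
    if (sigprocmask(SIG_BLOCK, NULL, &cur) != 0)
        return -1;
    return sigismember(&cur, SIGCHLD);
}

/* Reproduce the problem in-process: block SIGCHLD the way a helper might,
 * then apply the reset. Returns 1 when SIGCHLD ends up unblocked. */
int demo_block_then_reset(void)
{
    sigset_t set;

    sigemptyset(&set);
    sigaddset(&set, SIGCHLD);
    if (sigprocmask(SIG_BLOCK, &set, NULL) != 0)
        return -1;
    if (sigchld_is_blocked() != 1)
        return 0;
    if (reset_sigchld_for_exec() != 0)
        return -1;
    return sigchld_is_blocked() == 0;
}

/* Where the reset belongs: in the child, between fork() and execvp(). */
pid_t spawn_with_clean_sigchld(char *const argv[])
{
    pid_t pid = fork();
    if (pid == 0) {
        if (reset_sigchld_for_exec() != 0)
            _exit(127);
        execvp(argv[0], argv);
        _exit(127); /* only reached if exec fails */
    }
    return pid;
}

int main(void)
{
    printf("SIGCHLD unblocked after reset: %s\n",
           demo_block_then_reset() == 1 ? "yes" : "NO");
    return 0;
}
```

The same reasoning applies to any signal the launcher blocks for itself: decide per signal what the sandboxed program should start with, rather than letting the helper's internal state leak through exec.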
Christian Hergert
f83224c948 helper: match whitespace to other options 2015-10-26 09:07:04 +01:00
Christian Hergert
14bd531121 helper: give xdg-app process access to /dev/ptmx
This is needed for posix_openpt() to locate the proper ptmx path. We can
just symlink into /dev/pts/ptmx which is already in the mount namespace.
2015-10-26 09:07:04 +01:00
Alexander Larsson
64d7c00045 Move dbus invocation peer app detection to lib/ 2015-10-21 10:23:37 +02:00
Alexander Larsson
477de4c217 Always remove all leftover app/runtime traces on uninstall
Even if there is no deploy directory we make sure to remove any
refs with the same name in the repo, and purge the repo.
2015-10-19 10:41:47 +02:00
Alexander Larsson
9855ac23b4 utils: Add xdg_app_decompose_ref() 2015-10-19 10:41:47 +02:00
Alexander Larsson
c26510295f helper: Also copy extra symlinks from / 2015-10-05 11:24:40 +02:00
Alexander Larsson
dbc92635cc helper: Correctly zero terminate symlink targets 2015-10-05 11:24:26 +02:00
Alexander Larsson
208eb7b1aa Propagate Xauthority details to the sandbox if X11 is enabled
Some xservers out there (like xorg 1.17.1) have a broken server interpreted
local xauth, which causes apps to fail to connect to the xserver.
This fixes that by propagating Xauthority data such as the MIT-MAGIC-COOKIE-1.
2015-10-01 21:23:23 +02:00
Alexander Larsson
eedbeab9d0 helper: Handle existing mounts with escaped characters 2015-10-01 18:59:32 +02:00
Alexander Larsson
279558b6bf cleanup: Simplify code using xdg_app_fail 2015-09-28 16:54:24 +02:00
Alexander Larsson
b08f650b07 Add --nofilesystem commandline arg 2015-09-25 17:04:50 +02:00
Alexander Larsson
dc6c6826ab utils: Add xdg_app_fail 2015-09-25 17:04:32 +02:00
Alexander Larsson
afda9d54c4 list-apps/runtimes: Use table printer 2015-09-24 21:36:35 +02:00
Alexander Larsson
66e61764f3 list-remotes: Add support for listing both user and system remotes 2015-09-24 21:36:35 +02:00
Alexander Larsson
c40f2ad74e Move table printer to xdg-app-utils.c 2015-09-24 21:36:35 +02:00
Alexander Larsson
41af86dc69 Add xdg-app enter command
This lets you enter a sandbox and run a command there, which is useful
for debugging purposes.
2015-09-24 19:23:24 +02:00
Alexander Larsson
1917e1fd38 Make seccomp optional
Several architectures do not have seccomp yet.
2015-09-24 14:57:53 +02:00
Alexander Larsson
3240ac6d3f remove some unused code 2015-09-23 13:54:25 +02:00
Alexander Larsson
752b1a0a4b run: Fix handling of which filesystems you can access 2015-09-23 13:53:04 +02:00
Alexander Larsson
727f50e923 xdg-app build: Support extensions 2015-09-22 13:57:20 +02:00
Alexander Larsson
3334c08f6e run: When creating /etc symlinks, don't make symlinks to symlinks
Instead we just copy the original symlink. This makes things like
/etc/localtime symlink value parsing work.
2015-09-21 10:43:10 +02:00
Alexander Larsson
5e6960353d Mount nvidia device nodes in sandbox if dri allowed 2015-09-18 14:15:56 +02:00
Alexander Larsson
5065e431a2 run: Allow perf and ptrace in debug and build mode.
Without this you can't e.g. run a debugger or profiler in the sandbox.
2015-09-18 14:11:15 +02:00
Alexander Larsson
645c433960 Fix distcheck issues 2015-09-17 20:24:04 +02:00
Alexander Larsson
f866097c94 Add XdgAppChainInputStream based on ostree version
This should really be in some library, but let's just copy it for now.
2015-09-17 15:27:04 +02:00
Alexander Larsson
7c788adb20 lib: Handle libsoup now having built-in autocleanup support 2015-09-17 10:56:14 +02:00
Alexander Larsson
7ef861cedf Add new override builtin to override app permissions 2015-09-11 16:07:31 +02:00
Alexander Larsson
c87e7e4e4f create dirs with 755, not 777 2015-09-11 15:30:39 +02:00
Alexander Larsson
9d1cfd7688 run: Support system overrides as well as per-user 2015-09-11 13:01:39 +02:00
Alexander Larsson
c702fa2555 XdgAppContext: Always initialize bitfields 2015-09-11 13:01:06 +02:00
Alexander Larsson
90718549ee run: Read per-app override metadata file 2015-09-09 16:31:49 +02:00
Alexander Larsson
6d98e56c55 run: Never propagate DISPLAY if X socket not requested
This is just confusing.
2015-09-09 16:31:07 +02:00
Alexander Larsson
5610b97455 XdgAppContext: Properly handle masking things from parent context
This allows you to use things like --nosocket in build-finish to
override runtime defaults. But it is also a building block for
later changes.
2015-09-09 14:11:05 +02:00
Alexander Larsson
60fc11035e db: Fix leak 2015-09-07 11:13:24 +02:00
Alexander Larsson
c0e480df94 Add xdg_app_mkstempat
This is like g_mkstemp except it uses openat
2015-09-03 22:17:00 +02:00
Alexander Larsson
58fb2c4e50 Markup AUTOLOCK with unused to avoid warnings 2015-09-03 22:16:43 +02:00
Colin Walters
8bbe3b3e41 helper: Add perf and ptrace to seccomp blacklist
Note that I copied this xdg-app blacklist into linux-user-chroot:
https://git.gnome.org/browse/linux-user-chroot/commit/?id=8cee4ab7345f126d1dec55b7ca1f28e8090a58d3

We should figure out a better way down the line to share code - maybe
we can share a setup-seccomp.c?

Possibly in the long run we'll end up with diverging blacklists, as
linux-user-chroot can be a lot more aggressive, as its primary
audience is build side, not generic applications.  We'll see.

But in this patch I added a big comment on how we should share code,
and in particular credit sandstorm.io for some of these filters.
(Although they may have gotten some of them from Android or Chromium?)

Going back to the high level topic - let's add perf and ptrace to the
blacklist.  We expect profiling to be done from a non-sandboxed
terminal, or a less-restricted IDE type process which can look at the
namespace of other apps and the desktop/kernel.
2015-09-02 09:08:06 +02:00
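A minimal version of the blacklist entry the commit message adds, written here as an added example rather than taken from xdg-app or linux-user-chroot: a raw seccomp BPF filter (no libseccomp) that fails ptrace() and perf_event_open() with EPERM and allows everything else. It checks the syscall ABI first and kills anything from another ABI, including x32 on x86_64, because a filter that matches syscall numbers is only meaningful for the ABI it was written against. Function names, the `-2` "unsupported" return and the EPERM-rather-than-kill choice are assumptions for illustration; the filter is Linux-only.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <unistd.h>

#if defined(__x86_64__)
#define DEMO_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define DEMO_AUDIT_ARCH AUDIT_ARCH_AARCH64
#elif defined(__i386__)
#define DEMO_AUDIT_ARCH AUDIT_ARCH_I386
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

#define X32_SYSCALL_BIT 0x40000000

/* Install a filter that fails ptrace() and perf_event_open() with EPERM and
 * allows every other syscall. A call from another ABI is killed (on other
 * architectures the x32 test simply never matches). Returns 0, or -1 with
 * errno set when the kernel or container refuses the filter. */
int install_debug_syscall_filter(void)
{
    struct sock_filter filter[] = {
        /* 0 */ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        /* 1 */ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, DEMO_AUDIT_ARCH, 0, 6),   /* else -> 8 */
        /* 2 */ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        /* 3 */ BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, X32_SYSCALL_BIT, 4, 0),   /* x32 -> 8 */
        /* 4 */ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_ptrace, 1, 0),        /* hit -> 6 */
        /* 5 */ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_perf_event_open, 0, 1), /* miss -> 7 */
        /* 6 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        /* 7 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        /* 8 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof filter / sizeof filter[0]),
        .filter = filter,
    };

    /* Required without CAP_SYS_ADMIN, and it also stops a setuid binary
     * from gaining privilege while running under a filter it did not pick. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* 1 if ptrace(PTRACE_TRACEME) is refused with EPERM, 0 otherwise. */
int ptrace_is_blocked(void)
{
    errno = 0;
    return syscall(SYS_ptrace, PTRACE_TRACEME, 0, 0, 0) == -1 && errno == EPERM;
}

/* 1 if perf_event_open() is refused with EPERM. Without a filter a NULL attr
 * pointer fails with EFAULT instead, which keeps the two cases apart. */
int perf_event_open_is_blocked(void)
{
    errno = 0;
    return syscall(SYS_perf_event_open, NULL, 0, -1, -1, 0) == -1 && errno == EPERM;
}

/* Install the filter in this process and probe both calls. Returns 1 when
 * both are blocked, 0 when one got through, -2 when no filter could be
 * installed (old kernel, or a container that forbids seccomp). */
int seccomp_blacklist_demo(void)
{
    if (install_debug_syscall_filter() != 0)
        return -2;
    return ptrace_is_blocked() && perf_event_open_is_blocked();
}

int main(void)
{
    int r = seccomp_blacklist_demo();
    if (r == -2)
        perror("could not install seccomp filter");
    else
        printf("ptrace and perf_event_open blocked: %s\n", r == 1 ? "yes" : "NO");
    return r == 1 ? 0 : 1;
}
```

Returning EPERM instead of killing lets a debugger or profiler started inside the sandbox fail with a readable error, which matches the expectation in the message that such tools run from outside; the arch check and the x32 guard are the two checks most often missing from hand-rolled blacklists. The filter stays in effect for the rest of the process that installs it.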