Alexander Larsson
a39197c60c
Bump version to 0.3.1
0.3.1
2015-06-04 16:03:26 +02:00
Alexander Larsson
e856962cc4
helper: Clean up launched command line
2015-06-02 15:51:58 +02:00
Alexander Larsson
d781e27094
run: If session helper not available, bind-mount /etc/resolv.conf
...
This helps in e.g. development environments
2015-06-02 13:36:11 +02:00
Alexander Larsson
8241165848
helper: Don't fail if ~/.local/share/xdg-app does not exist
2015-06-02 13:33:57 +02:00
Alexander Larsson
dc5431fb98
helper: Make ~/.local/share/xdg-app read-only in sandbox
...
There should never be a need to install or modify apps
from inside the sandbox.
2015-06-02 11:46:15 +02:00
Alexander Larsson
b1aa93a9d4
Use seccomp to limit allowed syscalls
...
We disallow any network family but inet, inet6, unix and netlink
as the rest are generally weird old unused things.
We also have a blacklist of syscalls, some are just old unnecessary
things, some are things that are "risky", like NUMA/VM control, and
setting up custom sub-namespaces.
2015-06-02 11:14:27 +02:00
Alexander Larsson
811c512e56
helper: Make all helper functions static
...
Also, remove unused ones
2015-06-02 09:57:23 +02:00
Alexander Larsson
61012949d7
helper: Fix thinko due to create_file() return type change
...
This broke wayland/dbus socket support
2015-06-01 16:23:46 +02:00
Alexander Larsson
05ddc17ee2
Make /var/cache persistent (in app-data cache dir)
...
This is nice as it makes the fontconfig cache persist, which is needed
for e.g. the host fonts to not take a long time each time you start an
app.
2015-06-01 16:03:33 +02:00
Alexander Larsson
7ebbba1d64
Show version when listing apps and runtimes
2015-06-01 13:32:48 +02:00
Alexander Larsson
e6df651528
Show source repo when listing apps and runtimes
2015-06-01 13:28:19 +02:00
Alexander Larsson
3cf4a0d7e6
Use xdg_app_dir_get_origin helper
2015-06-01 13:28:03 +02:00
Alexander Larsson
c1b2a67a84
Add xdg_app_dir_get_origin() helper
2015-06-01 13:27:41 +02:00
Alexander Larsson
50b3de3728
helper: Optionally add back setuid support
...
If you don't have userns support in your kernel you can use this.
The future lies with userns though, so it is the default.
2015-05-29 10:46:10 +02:00
Alexander Larsson
31692b6ab2
helper: Minor cleanup of uid/gid handling
2015-05-28 22:28:37 +02:00
Alexander Larsson
2c0c21744f
helper: Drop setuid and use user namespaces
2015-05-28 22:02:31 +02:00
Alexander Larsson
8b7822ff07
helper: Only call get[ug]id() once at the start
...
Since the uid keeps changing during the runtime of the helper this makes things
much less complicated.
2015-05-28 21:59:34 +02:00
Alexander Larsson
d12c3cd09f
run: Fix typo that broke env var support
0.3
2015-05-26 14:48:54 +02:00
Alexander Larsson
c6b6ba5095
Bump version to 0.3.0
2015-05-26 13:53:11 +02:00
Alexander Larsson
49bea07b74
build: Remove duplicated helper arguments
2015-05-25 21:36:56 +02:00
Alexander Larsson
3a20c07280
build: Always allow host fs access
2015-05-25 21:36:36 +02:00
Alexander Larsson
1a68b0bbf2
helper: Fix errors caused by create_file() return value change
2015-05-25 21:36:04 +02:00
Alexander Larsson
16b46d3579
Update docs for new run command line options
2015-05-25 16:01:33 +02:00
Alexander Larsson
2cb54a711e
helper: Remove backwards compat /self symlink
...
We've broken the format anyway.
2015-05-25 15:37:12 +02:00
Alexander Larsson
111eff480e
run: Remove hardcoded GI_TYPELIB_PATH
...
This is now better done in the [Environment] part of
the runtime metadata
2015-05-25 15:35:54 +02:00
Alexander Larsson
7f6d801d8e
Context: Finish support for filesystems
...
You can now expose absolute paths, ~/foo paths, or xdg-* paths which
expand to xdg user dirs.
2015-05-25 15:28:29 +02:00
Alexander Larsson
15df2884a6
helper: Add support for moving files into sandbox
...
If you do -Mfoo=bar, then bar will be copied to foo and then unlinked.
2015-05-25 15:26:33 +02:00
Alexander Larsson
26f2e1bb29
helper: If old CWD is not mapped, use $HOME
2015-05-25 12:22:03 +02:00
Alexander Larsson
ee867058a9
Add support for persistent home directory dirs
2015-05-25 11:30:53 +02:00
Alexander Larsson
5521bf7ebd
helper: Add support for read/write extra dirs
2015-05-25 11:30:38 +02:00
Alexander Larsson
b862cdb6aa
Make extra_dirs and lock_dirs dynamic
...
This way we don't get an artificial max size.
2015-05-25 11:24:12 +02:00
Alexander Larsson
942e4bcdb6
Convert all builtins to the new metadata/arg formats using XdgAppContext
2015-05-22 16:55:45 +02:00
Alexander Larsson
7ba3d09e29
Add new XdgAppContext helper object
...
This will replace all the custom handling of context options
for metadata files and command line args. It also changes how
the permissions etc are serialized in the metadata files to a
saner format.
2015-05-22 16:52:25 +02:00
Alexander Larsson
8ffacee14c
Change /self to /app
...
This changes the application prefix to /app, which has the
advantage of being the same length as /usr. This may help
making some packages relocatable.
We make /self a symlink to /app for now, to keep existing images
working, but at some point we will probably remove this.
2015-05-21 18:54:06 +02:00
Alexander Larsson
3a68d242a6
Bump version to 0.2.1
0.2.1
2015-05-21 17:08:36 +02:00
Alexander Larsson
a6fd8c3611
Merge pull request #77 from cgwalters/srcdir-builddir
...
build: Fix srcdir != builddir from git
2015-05-19 18:38:57 +02:00
Colin Walters
290253b4e2
build: Fix srcdir != builddir from git
...
We could just `mkdir -p profile`, but it's saner to just drop it in
the builddir.
2015-05-19 12:36:34 -04:00
Alexander Larsson
ea4adc2a8b
Merge pull request #75 from amigadave/master
...
Add a simple profile.d snippet for XDG_DATA_DIRS
2015-05-19 18:17:20 +02:00
Alexander Larsson
34f264e1f1
proxy: Always send all possible queued messages in main callback
2015-05-19 11:23:14 +02:00
Alexander Larsson
a79214b56c
proxy: Always read all incoming socket messages on each mainloop callback
2015-05-19 11:15:38 +02:00
Alexander Larsson
4708e73bee
proxy: Properly detect authentication end
...
When reading the authentication messages we don't know the
packet size, so we may read too much data, getting a partial
(or full) dbus message after the authentication end.
This commit does a better job looking for the authentication end,
and when found it queues any leftover data from the buffer and
reads it instead of the socket input in the next iteration.
2015-05-19 10:56:21 +02:00
Alexander Larsson
7a31cdc9a9
proxy: Minor cleanup for first byte case
...
We treat this mostly the same as the !authenticated case
rather than a completely different case
2015-05-19 09:05:03 +02:00
David King
27fdae4153
Add a simple profile.d snippet for XDG_DATA_DIRS
...
https://github.com/alexlarsson/xdg-app/issues/74
2015-05-15 17:00:38 +01:00
Alexander Larsson
e72beada8a
helper: Bind mount /sys subset
...
Instead of mounting our own sysfs instance we bind mount in only
a subset of the /sys subdirectories from the host. This has several
advantages:
* If something was covered out in the host we will shadow that (i.e.
the app will never see more of sysfs than non xdg-apps)
* We can avoid showing some weird parts of sysfs, focusing on the
device descriptions needed for e.g. mesa
* Bind mounts are allowed in a non-root user-namespace, whereas
the sysfs mount is not, taking us one step closer to that.
2015-05-15 17:44:20 +02:00
Alexander Larsson
a1892ee8b0
Fix build with old glib
...
We failed to include libglnx headers for the proxy which made
things fail if the autoptr support was not in glib.
2015-05-15 13:28:11 +02:00
Alexander Larsson
9028b3960d
Merge pull request #72 from matthiasclasen/typo-fix
...
Fix a typo
2015-05-15 10:24:47 +02:00
Matthias Clasen
072743e11e
Fix a typo
2015-05-14 17:50:48 -04:00
Alexander Larsson
798f758969
Bump version to 0.2
0.2
2015-05-13 17:09:53 +02:00
Alexander Larsson
d4aeb5c10b
Only warn if removing old commits fails
2015-05-13 17:07:24 +02:00
Alexander Larsson
c8d2df6ad1
xdg-app build: Bind mount host resolv.conf during builds
...
It's not totally unheard of to use network during builds, for
instance to download packages. This does so via a straight
(readonly) bind mount of the host version.
This is slightly different from what xdg-app run does, as
that relies on a full session and xdg-app-helper, but instead
that handles the config changing during runtime.
2015-05-13 16:36:59 +02:00