We don't really need a separate process here, and
doing things this way makes output from the sandbox
appear outside, thereby giving us meaningful error
messages for invalid icons.
Related: #2669
Closes: #2677
Approved by: alexlarsson

This function helpfully does not 0-terminate the buffer,
so we have to do that ourselves. Also make the buffer
as large as possibly required, and handle errors.
Closes: #2630
Approved by: matthiasclasen

We can't look at the FLATPAK_VALIDATE_ICON environment variable
inside the sandbox. Use /proc/self/exe to find the binary to reexec.
Closes: #2618
Approved by: alexlarsson

We need to handle source directories not existing, for example /lib64
on a pure 32-bit system.
Because relative symlinks in a directory that is itself a symlink do
not have the same meaning as the same relative symlink in a bind-mount
of that directory, ideally we want to use --symlink for /lib and /lib64
on merged-/usr systems, but --ro-bind on non-merged-/usr systems.
Also bind /etc/ld.so.cache into the sandbox.
This is especially important for libstdc++ on distributions that
don't have it directly in a libdir and the runtime linker doesn't
look where needed without /etc/ld.so.cache (e.g. if libstdc++ is
in a GCC per-version subdirectory handled via /etc/ld.so.conf.d/).
Changes originally made in libgnome-desktop by Iain Lane (see
<https://bugzilla.gnome.org/show_bug.cgi?id=787072>).
Adapted from https://github.com/flatpak/xdg-desktop-portal/pull/289
by Simon McVittie.
Closes: #2618
Approved by: alexlarsson

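The --symlink versus --ro-bind decision and the missing-directory handling described in the commit above, written out as an added shell example; this is not flatpak's own code. The ROOT prefix parameter and the function names are assumptions introduced so the logic can be exercised against a constructed directory tree; with an empty ROOT it inspects the real system.

```sh
#!/bin/sh
# Added example (not flatpak's code): choose bwrap arguments for /lib and
# /lib64. On a merged-/usr system the directory is itself a symlink
# (e.g. /lib -> usr/lib), and relative symlinks inside a bind-mount of it
# would resolve differently, so the sandbox must recreate the symlink with
# --symlink. On a non-merged system the directory is real and --ro-bind is
# right. A missing directory (e.g. /lib64 on a pure 32-bit system) must
# produce no argument at all instead of an error.
#
# lib_bwrap_args ROOT DIR -> prints the bwrap options for ROOT/DIR, where
# ROOT is an assumed host root prefix ("" for the real system) and DIR is
# the path as it should appear inside the sandbox, e.g. /lib64.
lib_bwrap_args() {
    root=$1
    dir=$2
    src="$root$dir"
    if [ -L "$src" ]; then
        # merged /usr: recreate the symlink with the same (relative) target
        # bwrap syntax is --symlink TARGET LINKPATH
        printf '%s\n' "--symlink $(readlink "$src") $dir"
    elif [ -d "$src" ]; then
        # real directory: read-only bind mount
        printf '%s\n' "--ro-bind $src $dir"
    fi
    # neither case: the directory does not exist on this system, emit nothing
}

# Full argument list for a root. /etc/ld.so.cache is bind-mounted whenever it
# exists so the runtime linker can find libraries outside the plain libdirs,
# such as a per-version GCC directory listed via /etc/ld.so.conf.d/.
sandbox_lib_args() {
    root=$1
    args=""
    for d in /lib /lib64; do
        a=$(lib_bwrap_args "$root" "$d")
        if [ -n "$a" ]; then
            args="$args $a"
        fi
    done
    if [ -f "$root/etc/ld.so.cache" ]; then
        args="$args --ro-bind $root/etc/ld.so.cache /etc/ld.so.cache"
    fi
    printf '%s\n' "${args# }"
}
```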
Make the icon validator reexec itself inside a sandbox
if the --sandbox option is given. This lets us share
the sandbox setup between all users of this tool.
An additional advantage is that this makes the sandbox
setup code testable by itself.
Closes: #2618
Approved by: alexlarsson