mirror/flatpak
1
0
Fork 0
mirror of https://github.com/flatpak/flatpak.git synced 2026-05-17 13:17:38 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
15dc23b1be7d4c9964310072e2cad271168bbc2f
flatpak/common
History
Sebastian Wick 4a678f463b utils: Do not follow symlinks in local_open_file 
We use local_open_file in the context of the system helper to open
files written by a user. This means that we want to prevent DOS and
exposing files which only the system helper has access to.

To prevent DOS and avoid side-effects, the file is opened with
O_NONBLOCK and O_NOCTTY.

To prevent leaking files, the file is supposed to not open symlinks.
This part, we failed at. We check if the opened file is a regular file,
but what we actually checked is, if the file a symlink might point at is
a regular file.

Fix this by also specifying O_NOFOLLOW in openat.

(cherry picked from commit FIXME)
2026-04-07 16:24:25 -04:00
..
flatpak-appdata-private.h
flatpak-appdata: Add support for extracting app content ratings
2019-10-03 10:42:04 +02:00
flatpak-appdata.c
appdata: exclude <name> element inside <developer>
2024-03-12 08:31:08 -05:00
flatpak-auth-private.h
authenticator: Fix sandboxed authenticators
2019-12-19 10:33:21 +01:00
flatpak-auth.c
Add a vim modeline and .editorconfig
2022-08-22 19:48:10 -07:00
flatpak-bundle-ref.c
utils: Move remaining direct ostree dependencies to repo-utils
2024-07-09 17:12:55 -03:00
flatpak-bundle-ref.h
Add G_BEGIN_DECLS/G_END_DECLS to public headers
2021-02-12 15:58:09 +01:00
flatpak-bwrap-private.h
flatpak-bwrap: Add dup-ing variant flatpak_bwrap_add_args_data_fd_dup
2026-04-07 16:17:51 -04:00
flatpak-bwrap.c
flatpak-bwrap: Use glnx_close_fd as clear func
2026-04-07 16:17:51 -04:00
flatpak-chain-input-stream-private.h
Don't use deprecated g_type_class_add_private API
2019-09-19 16:53:11 +00:00
flatpak-chain-input-stream.c
Don't use deprecated g_type_class_add_private API
2019-09-19 16:53:11 +00:00
flatpak-common-types-private.h
Add an option to share the pid namespace with the parent flatpak
2021-01-12 09:55:23 +01:00
flatpak-context-private.h
context: Implement device lists for usb
2024-10-16 14:11:56 -03:00
flatpak-context.c
utils: Add flatpak_parse_fd
2026-04-07 16:17:51 -04:00
flatpak-dir-private.h
common: support reinstall option on bundle installations
2025-12-01 11:04:56 -05:00
flatpak-dir-utils-private.h
common: Break out the parts of flatpak-utils that deal with FlatpakDir
2024-07-09 17:12:55 -03:00
flatpak-dir-utils.c
common: Break out the parts of flatpak-utils that deal with FlatpakDir
2024-07-09 17:12:55 -03:00
flatpak-dir.c
run: Use O_PATH fds for the runtime and app deploy directories
2026-04-07 16:17:51 -04:00
flatpak-enum-types.c.template
enum-types: Make generated files more reproducible
2022-09-07 09:21:58 +02:00
flatpak-enum-types.h.template
enum-types: Make generated files more reproducible
2022-09-07 09:21:58 +02:00
flatpak-error.c
Run uncrustify
2019-02-25 18:12:30 +00:00
flatpak-error.h
common: Tweak error code docs
2021-02-09 09:36:59 +01:00
flatpak-exports-private.h
common: Move flatpak_abs_usrmerged_dirs to FlatpakExports
2023-07-03 20:07:57 +02:00
flatpak-exports.c
app, common, tests: Avoid deprecated g_qsort_with_data()
2024-10-15 13:53:07 +01:00
flatpak-glib-backports-private.h
glib-backports: Use g_ascii_string_to_unsigned if GLib is new enough
2023-05-17 11:35:44 +01:00
flatpak-glib-backports.c
glib-backports: Use g_ascii_string_to_unsigned if GLib is new enough
2023-05-17 11:35:44 +01:00
flatpak-installation-private.h
Export (private) flatpak_installation_get_dir()
2019-10-02 14:57:11 +02:00
flatpak-installation.c
run: Add (ro-)bind fds to flatpak_run_app
2026-04-07 16:17:51 -04:00
flatpak-installation.h
flatpak-installation: Fix some typos in documentation comments
2021-06-14 15:30:59 +01:00
flatpak-installed-ref-private.h
installation: Use the FlatpakDecomposed APIs to create FlatpakRef:s
2020-11-05 10:43:10 +01:00
flatpak-installed-ref.c
Revert "Add support for files generated by appstreamcli compose (#5277)"
2023-02-04 12:30:15 -06:00
flatpak-installed-ref.h
Add G_BEGIN_DECLS/G_END_DECLS to public headers
2021-02-12 15:58:09 +01:00
flatpak-instance-private.h
instance: Add flatpak_instance_get_run_environ()
2023-10-27 17:09:52 +01:00
flatpak-instance.c
instance: Add flatpak_instance_get_run_environ()
2023-10-27 17:09:52 +01:00
flatpak-instance.h
Add G_BEGIN_DECLS/G_END_DECLS to public headers
2021-02-12 15:58:09 +01:00
flatpak-json-backports-private.h
common: Move json-glib backports to their own file
2023-05-17 11:35:44 +01:00
flatpak-json-oci-private.h
oci: Add helpers to parse OCI delta index and manifest
2020-06-05 09:35:30 +02:00
flatpak-json-oci.c
oci: Actually only return the only manifest in get_only_manifest
2025-12-01 11:04:56 -05:00
flatpak-json-private.h
Cache the downloaded registry index in compressed form
2018-08-09 12:49:36 +00:00
flatpak-json.c
Add a vim modeline and .editorconfig
2022-08-22 19:48:10 -07:00
flatpak-locale-utils-private.h
common: Move locale utils to their own small translation unit
2023-11-14 18:39:22 +00:00
flatpak-locale-utils.c
locale-utils: Always get system locale languages from localed
2024-03-27 14:22:45 +00:00
flatpak-metadata-private.h
flatpak: Add USB enumerables / hidden lists
2024-10-16 14:11:56 -03:00
flatpak-oci-registry-private.h
common: Break out the parts of flatpak-utils that deal with FlatpakDir
2024-07-09 17:12:55 -03:00
flatpak-oci-registry.c
utils: Do not follow symlinks in local_open_file
2026-04-07 16:24:25 -04:00
flatpak-parental-controls-private.h
dir: Support filtering app installs/upgrades by user’s OARS settings
2019-10-03 10:42:04 +02:00
flatpak-parental-controls.c
common: Use g_info() for messages that will be shown by flatpak -v
2022-12-15 16:45:35 +00:00
flatpak-portal-error.c
common: Move flatpak-portal-error.[ch] back to common code
2018-04-26 07:41:17 +00:00
flatpak-portal-error.h
doc: Document FlatpakPortalError
2019-12-01 14:04:59 -05:00
flatpak-progress-private.h
FlatpakProgress: Clean up APIs for handling extra data
2020-03-27 17:23:13 +01:00
flatpak-progress.c
common: Use g_info() for messages that will be shown by flatpak -v
2022-12-15 16:45:35 +00:00
flatpak-prune-private.h
common: Explicitly include ostree.h where needed
2024-07-09 17:12:55 -03:00
flatpak-prune.c
prune: Move locking operations to execute only outside dry run
2025-04-30 14:00:20 +00:00
flatpak-ref-utils-private.h
common: Move declaration of get_compat_arch_reverse back to -utils
2023-07-03 20:07:57 +02:00
flatpak-ref-utils.c
ref-utils: Move flatpak_get_arch_for_ref() to here
2024-07-09 17:12:55 -03:00
flatpak-ref.c
utils: Remove unnecessary flatpak-ref-utils-private.h inclusion
2024-07-09 17:12:55 -03:00
flatpak-ref.h
Add G_BEGIN_DECLS/G_END_DECLS to public headers
2021-02-12 15:58:09 +01:00
flatpak-related-ref-private.h
Drop more collection_id use
2020-03-23 17:58:04 +01:00
flatpak-related-ref.c
Add a vim modeline and .editorconfig
2022-08-22 19:48:10 -07:00
flatpak-related-ref.h
Add G_BEGIN_DECLS/G_END_DECLS to public headers
2021-02-12 15:58:09 +01:00
flatpak-remote-private.h
lib: Only support FLATPAK_REMOTE_TYPE_STATIC remote types
2020-03-25 08:52:28 +01:00
flatpak-remote-ref-private.h
installation: Use the FlatpakDecomposed APIs to create FlatpakRef:s
2020-11-05 10:43:10 +01:00
flatpak-remote-ref.c
Fix "end of line" typo in internal #defines
2025-01-09 17:00:07 +01:00
flatpak-remote-ref.h
Add G_BEGIN_DECLS/G_END_DECLS to public headers
2021-02-12 15:58:09 +01:00
flatpak-remote.c
utils: Move more repository functionality to repo-utils
2024-07-09 17:12:55 -03:00
flatpak-remote.h
Add G_BEGIN_DECLS/G_END_DECLS to public headers
2021-02-12 15:58:09 +01:00
flatpak-repo-utils-private.h
Fix "end of line" typo in internal #defines
2025-01-09 17:00:07 +01:00
flatpak-repo-utils.c
utils: Don't pass NULL remote to ostree_repo_get_remote_option
2025-11-14 20:14:30 +05:30
flatpak-run-cups-private.h
common: Split up socket setup from flatpak-run into multiple files
2023-05-15 19:54:51 +01:00
flatpak-run-cups.c
common: Split up socket setup from flatpak-run into multiple files
2023-05-15 19:54:51 +01:00
flatpak-run-dbus-private.h
context: Add --a11y-own-name
2024-08-29 14:11:50 -03:00
flatpak-run-dbus.c
run-dbus: Don't call GetAddress() if AT_SPI_BUS_ADDRESS is set
2025-03-31 12:41:32 +00:00
flatpak-run-private.h
run: Add (ro-)bind fds to flatpak_run_app
2026-04-07 16:17:51 -04:00
flatpak-run-pulseaudio-private.h
common: Split up socket setup from flatpak-run into multiple files
2023-05-15 19:54:51 +01:00
flatpak-run-pulseaudio.c
common: Split up socket setup from flatpak-run into multiple files
2023-05-15 19:54:51 +01:00
flatpak-run-sockets-private.h
common: add support for Wayland security context
2023-08-24 12:17:53 +02:00
flatpak-run-sockets.c
wayland: Unset WAYLAND_DISPLAY, WAYLAND_SOCKET when socket is disabled
2025-03-27 20:04:13 +00:00
flatpak-run-wayland-private.h
wayland: Unset WAYLAND_DISPLAY, WAYLAND_SOCKET when socket is disabled
2025-03-27 20:04:13 +00:00
flatpak-run-wayland.c
wayland: Unset WAYLAND_DISPLAY, WAYLAND_SOCKET when socket is disabled
2025-03-27 20:04:13 +00:00
flatpak-run-x11-private.h
common: Split up socket setup from flatpak-run into multiple files
2023-05-15 19:54:51 +01:00
flatpak-run-x11.c
Use g_steal_fd()
2023-09-04 13:25:32 +01:00
flatpak-run.c
run: Add (ro-)bind fds to flatpak_run_app
2026-04-07 16:17:51 -04:00
flatpak-syscalls-private.h
common: Add a list of recently-added Linux syscalls
2021-10-08 12:53:20 +02:00
flatpak-transaction-private.h
Transaction: Ensure we download the subsummary for the arch of added refs
2021-05-19 09:49:30 +02:00
flatpak-transaction.c
common: support reinstall option on bundle installations
2025-12-01 11:04:56 -05:00
flatpak-transaction.h
transaction: Add new flatpak_transaction_add_rebase_and_uninstall() API
2023-03-30 14:54:18 +02:00
flatpak-uri-private.h
uri: Don't do scheme-based normalization with GLib 2.66.x
2022-09-06 13:20:05 +02:00
flatpak-uri.c
uri: Don't rely on g_time_zone_new_offset()
2022-09-07 09:21:19 +02:00
flatpak-usb-private.h
context: Implement device lists for usb
2024-10-16 14:11:56 -03:00
flatpak-usb.c
context: Implement device lists for usb
2024-10-16 14:11:56 -03:00
flatpak-utils-base-private.h
common: Add flatpak_get_tzdir() helper
2024-06-21 11:12:57 -03:00
flatpak-utils-base.c
common: Simplify tzdir logic in flatpak_get_timezone
2024-06-21 11:12:57 -03:00
flatpak-utils-http-private.h
common: Implement /etc/containers/certs.d for OCI registries
2025-05-08 16:08:21 +00:00
flatpak-utils-http.c
http: Add cancellation support for curl downloads and error handling
2025-12-03 19:34:17 -05:00
flatpak-utils-private.h
utils: Add flatpak_parse_fd
2026-04-07 16:17:51 -04:00
flatpak-utils.c
utils: Only remove cached files in the cache directory
2026-04-07 16:21:15 -04:00
flatpak-version-macros.h.in
doc: Fix a duplicate section
2019-12-02 07:45:51 -05:00
flatpak-xml-utils-private.h
xml-utils: Don't expose symbols that don't need to be visble
2024-05-03 13:21:29 +01:00
flatpak-xml-utils.c
xml-utils: Don't expose symbols that don't need to be visble
2024-05-03 13:21:29 +01:00
flatpak-zstd-decompressor-private.h
Add FlatpakZstdDecompressor converter (and libzstd dep)
2020-06-05 09:35:30 +02:00
flatpak-zstd-decompressor.c
oci: Make libzstd optional (and disable OCI deltas if not there)
2020-06-05 09:35:30 +02:00
flatpak.c
Merge lib/* into common
2018-05-24 11:59:52 +00:00
flatpak.h
Make FlatpakInstance api public
2018-10-08 08:36:23 +00:00
meson.build
build: fix build with -Ddefault_library=static
2025-02-15 12:33:28 +01:00
test-lib.c
build: Consistently include libglnx header as "libglnx.h"
2022-04-11 10:32:34 +02:00
valgrind-private.h
Fix misspellings
2019-04-08 12:50:42 +00:00