mirror/flatpak
1
0
Fork 0
mirror of https://github.com/flatpak/flatpak.git synced 2026-04-16 13:00:48 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
2c7f24dcbf45aaec453960b61d24574c4f489dae
flatpak/common
History
Sebastian Wick 3c111d9e19 utils: Do not follow symlinks in flatpak_open_file_at 
We use flatpak_open_file_at in the context of the system helper to open
files written by a user. This means that we want to prevent DOS and
exposing files which only the system helper has access to.

To prevent DOS and avoid side-effects, the file is opened with
O_NONBLOCK and O_NOCTTY.

To prevent leaking files, the file is supposed to not open symlinks.
This part, we failed at. We check if the opened file is a regular file,
but what we actually checked is, if the file a symlink might point at is
a regular file.

Fix this by also specifying O_NOFOLLOW in openat.
2026-04-07 16:24:24 -04:00
..
flatpak-appdata-private.h
flatpak-appdata: Add support for extracting app content ratings
2019-10-03 10:42:04 +02:00
flatpak-appdata.c
appdata: Fix a -Wanalyzer-null-argument warning
2026-03-11 22:31:49 +00:00
flatpak-auth-private.h
authenticator: Fix sandboxed authenticators
2019-12-19 10:33:21 +01:00
flatpak-auth.c
Add a vim modeline and .editorconfig
2022-08-22 19:48:10 -07:00
flatpak-bundle-ref.c
utils: Move remaining direct ostree dependencies to repo-utils
2024-07-09 17:12:55 -03:00
flatpak-bundle-ref.h
Add G_BEGIN_DECLS/G_END_DECLS to public headers
2021-02-12 15:58:09 +01:00
flatpak-bwrap-private.h
flatpak-bwrap: Add dup-ing variant flatpak_bwrap_add_args_data_fd_dup
2026-04-07 16:17:51 -04:00
flatpak-bwrap.c
flatpak-bwrap: Use glnx_close_fd as clear func
2026-04-07 16:17:51 -04:00
flatpak-chain-input-stream-private.h
Don't use deprecated g_type_class_add_private API
2019-09-19 16:53:11 +00:00
flatpak-chain-input-stream.c
Don't use deprecated g_type_class_add_private API
2019-09-19 16:53:11 +00:00
flatpak-common-types-private.h
Revert "run: Add --no-scope to flatpak run"
2026-04-07 15:13:44 +00:00
flatpak-context-private.h
context: Use the new permission system for shares and features
2025-12-08 19:33:09 +00:00
flatpak-context.c
utils: Add flatpak_parse_fd
2026-04-07 16:17:51 -04:00
flatpak-dir-private.h
common: Check signatures when installing OCI images
2025-12-08 19:09:56 +00:00
flatpak-dir-utils-private.h
common: Break out the parts of flatpak-utils that deal with FlatpakDir
2024-07-09 17:12:55 -03:00
flatpak-dir-utils.c
common: Break out the parts of flatpak-utils that deal with FlatpakDir
2024-07-09 17:12:55 -03:00
flatpak-dir.c
run: Use O_PATH fds for the runtime and app deploy directories
2026-04-07 16:17:51 -04:00
flatpak-docker-reference-private.h
image-source: Add flatpak_image_source_new_for_location
2025-08-25 15:56:20 +00:00
flatpak-docker-reference.c
image-source: Add flatpak_image_source_new_for_location
2025-08-25 15:56:20 +00:00
flatpak-enum-types.c.template
enum-types: Make generated files more reproducible
2022-09-07 09:21:58 +02:00
flatpak-enum-types.h.template
enum-types: Make generated files more reproducible
2022-09-07 09:21:58 +02:00
flatpak-error.c
Run uncrustify
2019-02-25 18:12:30 +00:00
flatpak-error.h
fix: cross typos, detail below
2026-01-21 17:58:19 +00:00
flatpak-exports-private.h
exports: add host-root
2025-09-24 17:19:21 +00:00
flatpak-exports.c
exports: add host-root
2025-09-24 17:19:21 +00:00
flatpak-glib-backports-private.h
glib-backports: Add g_set_str from 2.84.1
2025-08-26 11:51:07 +00:00
flatpak-glib-backports.c
glib-backports: Use g_ascii_string_to_unsigned if GLib is new enough
2023-05-17 11:35:44 +01:00
flatpak-image-collection-private.h
image-collection: Add the new FlatpakImageCollection class
2025-10-24 16:27:33 +00:00
flatpak-image-collection.c
image-collection: Add the new FlatpakImageCollection class
2025-10-24 16:27:33 +00:00
flatpak-image-source-private.h
common: Check signatures when installing OCI images
2025-12-08 19:09:56 +00:00
flatpak-image-source.c
common: Check signatures when installing OCI images
2025-12-08 19:09:56 +00:00
flatpak-installation-private.h
Export (private) flatpak_installation_get_dir()
2019-10-02 14:57:11 +02:00
flatpak-installation.c
run: Add (ro-)bind fds to flatpak_run_app
2026-04-07 16:17:51 -04:00
flatpak-installation.h
flatpak-installation: Fix some typos in documentation comments
2021-06-14 15:30:59 +01:00
flatpak-installed-ref-private.h
installation: Use the FlatpakDecomposed APIs to create FlatpakRef:s
2020-11-05 10:43:10 +01:00
flatpak-installed-ref.c
Revert "Add support for files generated by appstreamcli compose (#5277)"
2023-02-04 12:30:15 -06:00
flatpak-installed-ref.h
Add G_BEGIN_DECLS/G_END_DECLS to public headers
2021-02-12 15:58:09 +01:00
flatpak-instance-private.h
instance: Add flatpak_instance_get_run_environ()
2023-10-27 17:09:52 +01:00
flatpak-instance.c
instance: Add flatpak_instance_get_run_environ()
2023-10-27 17:09:52 +01:00
flatpak-instance.h
Add G_BEGIN_DECLS/G_END_DECLS to public headers
2021-02-12 15:58:09 +01:00
flatpak-json-backports-private.h
common: Move json-glib backports to their own file
2023-05-17 11:35:44 +01:00
flatpak-json-oci-private.h
json-oci: Make FlatpakOciSignature just a simple signature
2025-12-08 19:09:56 +00:00
flatpak-json-oci.c
json-oci: Make FlatpakOciSignature just a simple signature
2025-12-08 19:09:56 +00:00
flatpak-json-private.h
json-oci: Mark mandatory fields as such
2025-12-04 11:08:08 +00:00
flatpak-json.c
fix: cross typos, detail below
2026-01-21 17:58:19 +00:00
flatpak-locale-utils-private.h
common: Move locale utils to their own small translation unit
2023-11-14 18:39:22 +00:00
flatpak-locale-utils.c
locale-utils: Always get system locale languages from localed
2024-03-27 14:22:45 +00:00
flatpak-metadata-private.h
flatpak: Add USB enumerables / hidden lists
2024-10-16 14:11:56 -03:00
flatpak-oci-registry-private.h
common: Check signatures when installing OCI images
2025-12-08 19:09:56 +00:00
flatpak-oci-registry.c
fix: cross typos, detail below
2026-01-21 17:58:19 +00:00
flatpak-oci-signatures-private.h
common: Check signatures when installing OCI images
2025-12-08 19:09:56 +00:00
flatpak-oci-signatures.c
common: Check signatures when installing OCI images
2025-12-08 19:09:56 +00:00
flatpak-parental-controls-private.h
dir: Support filtering app installs/upgrades by user’s OARS settings
2019-10-03 10:42:04 +02:00
flatpak-parental-controls.c
common: Use g_info() for messages that will be shown by flatpak -v
2022-12-15 16:45:35 +00:00
flatpak-portal-error.c
common: Move flatpak-portal-error.[ch] back to common code
2018-04-26 07:41:17 +00:00
flatpak-portal-error.h
doc: Document FlatpakPortalError
2019-12-01 14:04:59 -05:00
flatpak-progress-private.h
FlatpakProgress: Clean up APIs for handling extra data
2020-03-27 17:23:13 +01:00
flatpak-progress.c
common: Use g_info() for messages that will be shown by flatpak -v
2022-12-15 16:45:35 +00:00
flatpak-prune-private.h
common: Explicitly include ostree.h where needed
2024-07-09 17:12:55 -03:00
flatpak-prune.c
prune: Move locking operations to execute only outside dry run
2025-04-30 14:00:20 +00:00
flatpak-ref-utils-private.h
common: Move declaration of get_compat_arch_reverse back to -utils
2023-07-03 20:07:57 +02:00
flatpak-ref-utils.c
ref-utils: Move flatpak_get_arch_for_ref() to here
2024-07-09 17:12:55 -03:00
flatpak-ref.c
utils: Remove unnecessary flatpak-ref-utils-private.h inclusion
2024-07-09 17:12:55 -03:00
flatpak-ref.h
Add G_BEGIN_DECLS/G_END_DECLS to public headers
2021-02-12 15:58:09 +01:00
flatpak-related-ref-private.h
Drop more collection_id use
2020-03-23 17:58:04 +01:00
flatpak-related-ref.c
Add a vim modeline and .editorconfig
2022-08-22 19:48:10 -07:00
flatpak-related-ref.h
Add G_BEGIN_DECLS/G_END_DECLS to public headers
2021-02-12 15:58:09 +01:00
flatpak-remote-private.h
lib: Only support FLATPAK_REMOTE_TYPE_STATIC remote types
2020-03-25 08:52:28 +01:00
flatpak-remote-ref-private.h
installation: Use the FlatpakDecomposed APIs to create FlatpakRef:s
2020-11-05 10:43:10 +01:00
flatpak-remote-ref.c
Fix "end of line" typo in internal #defines
2025-01-09 17:00:07 +01:00
flatpak-remote-ref.h
Add G_BEGIN_DECLS/G_END_DECLS to public headers
2021-02-12 15:58:09 +01:00
flatpak-remote.c
typo: Fix URL usages
2026-01-05 21:16:15 +05:30
flatpak-remote.h
Add G_BEGIN_DECLS/G_END_DECLS to public headers
2021-02-12 15:58:09 +01:00
flatpak-repo-utils-private.h
app: Add a "signature lookaside" repository configuration
2025-12-08 19:09:56 +00:00
flatpak-repo-utils.c
repo-utils: Remove dead code
2026-03-19 23:40:29 +00:00
flatpak-run-cups-private.h
common: Split up socket setup from flatpak-run into multiple files
2023-05-15 19:54:51 +01:00
flatpak-run-cups.c
fix: cross typos, detail below
2026-01-21 17:58:19 +00:00
flatpak-run-dbus-private.h
context: Support condtional permissions for socket and devices
2025-10-13 18:31:33 +00:00
flatpak-run-dbus.c
context: Support condtional permissions for socket and devices
2025-10-13 18:31:33 +00:00
flatpak-run-private.h
run: Add (ro-)bind fds to flatpak_run_app
2026-04-07 16:17:51 -04:00
flatpak-run-pulseaudio-private.h
common: Split up socket setup from flatpak-run into multiple files
2023-05-15 19:54:51 +01:00
flatpak-run-pulseaudio.c
fix: cross typos, detail below
2026-01-21 17:58:19 +00:00
flatpak-run-sockets-private.h
common: add support for Wayland security context
2023-08-24 12:17:53 +02:00
flatpak-run-sockets.c
context: Support condtional permissions for socket and devices
2025-10-13 18:31:33 +00:00
flatpak-run-wayland-private.h
context: Support condtional permissions for socket and devices
2025-10-13 18:31:33 +00:00
flatpak-run-wayland.c
context: Support condtional permissions for socket and devices
2025-10-13 18:31:33 +00:00
flatpak-run-x11-private.h
common: Split up socket setup from flatpak-run into multiple files
2023-05-15 19:54:51 +01:00
flatpak-run-x11.c
Use g_steal_fd()
2023-09-04 13:25:32 +01:00
flatpak-run.c
run: Add (ro-)bind fds to flatpak_run_app
2026-04-07 16:17:51 -04:00
flatpak-syscalls-private.h
common: Add a list of recently-added Linux syscalls
2021-10-08 12:53:20 +02:00
flatpak-transaction-private.h
Transaction: Ensure we download the subsummary for the arch of added refs
2021-05-19 09:49:30 +02:00
flatpak-transaction.c
fix: cross typos, detail below
2026-01-21 17:58:19 +00:00
flatpak-transaction.h
transaction: Support sideloading from OCI repos/archives
2025-10-24 16:27:33 +00:00
flatpak-uri-private.h
uri: Don't do scheme-based normalization with GLib 2.66.x
2022-09-06 13:20:05 +02:00
flatpak-uri.c
uri: Don't rely on g_time_zone_new_offset()
2022-09-07 09:21:19 +02:00
flatpak-usb-private.h
context: Implement device lists for usb
2024-10-16 14:11:56 -03:00
flatpak-usb.c
context: Implement device lists for usb
2024-10-16 14:11:56 -03:00
flatpak-utils-base-private.h
session-helper: track the destinations of broken symlinks
2025-10-13 19:02:44 +00:00
flatpak-utils-base.c
session-helper: track the destinations of broken symlinks
2025-10-13 19:02:44 +00:00
flatpak-utils-http-private.h
common: Implement /etc/containers/certs.d for OCI registries
2025-05-08 16:08:21 +00:00
flatpak-utils-http.c
fix: cross typos, detail below
2026-01-21 17:58:19 +00:00
flatpak-utils-private.h
utils: Add flatpak_parse_fd
2026-04-07 16:17:51 -04:00
flatpak-utils.c
utils: Do not follow symlinks in flatpak_open_file_at
2026-04-07 16:24:24 -04:00
flatpak-version-macros.h.in
doc: Fix a duplicate section
2019-12-02 07:45:51 -05:00
flatpak-xml-utils-private.h
xml-utils: Don't expose symbols that don't need to be visble
2024-05-03 13:21:29 +01:00
flatpak-xml-utils.c
xml-utils: Don't expose symbols that don't need to be visble
2024-05-03 13:21:29 +01:00
flatpak-zstd-compressor-private.h
flatpak-build-bundle: Add --oci-layer-compress=zstd
2025-11-20 17:30:07 +00:00
flatpak-zstd-compressor.c
flatpak-build-bundle: Add --oci-layer-compress=zstd
2025-11-20 17:30:07 +00:00
flatpak-zstd-decompressor-private.h
zstd-decompressor: Replace boilerplate with G_DECLARE_FINAL_TYPE macro
2025-11-20 17:30:07 +00:00
flatpak-zstd-decompressor.c
oci: Make libzstd optional (and disable OCI deltas if not there)
2020-06-05 09:35:30 +02:00
flatpak.c
Merge lib/* into common
2018-05-24 11:59:52 +00:00
flatpak.h
Make FlatpakInstance api public
2018-10-08 08:36:23 +00:00
meson.build
oci-signatures: Move OCI signature code to a separate file
2025-12-08 19:09:56 +00:00
test-lib.c
build: Consistently include libglnx header as "libglnx.h"
2022-04-11 10:32:34 +02:00
valgrind-private.h
fix: cross typos, detail below
2026-01-21 17:58:19 +00:00