mirror/flatpak
1
0
Fork 0
mirror of https://github.com/flatpak/flatpak.git synced 2026-05-17 13:17:38 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
494c5ea687be884487fa5dc8b943130d9df7bb5f
flatpak/common
History
Sebastian Wick 873ed8b371 run: Use O_PATH fds for the runtime and app deploy directories 
This also allows us to use glnx_chaseat, and other at-functions to
traverse the filesystem tree in a safe way.

This is important because the app and runtime deploy directories can be
under an attackers control. The flatpak portal for example allows
sandboxed apps to provide them.

In particular, attacks where the deploy dirs get replaced by a symlink
pointing into the host system will be stopped by this.

Note that this change alone is not enough to avoid the attack, and the
portal has to be changed as well.
2026-04-07 16:17:51 -04:00
..
flatpak-appdata-private.h
flatpak-appdata: Add support for extracting app content ratings
2019-10-03 10:42:04 +02:00
flatpak-appdata.c
appdata: exclude <name> element inside <developer>
2024-03-12 08:31:08 -05:00
flatpak-auth-private.h
authenticator: Fix sandboxed authenticators
2019-12-19 10:33:21 +01:00
flatpak-auth.c
Add a vim modeline and .editorconfig
2022-08-22 19:48:10 -07:00
flatpak-bundle-ref.c
utils: Move remaining direct ostree dependencies to repo-utils
2024-07-09 17:12:55 -03:00
flatpak-bundle-ref.h
Add G_BEGIN_DECLS/G_END_DECLS to public headers
2021-02-12 15:58:09 +01:00
flatpak-bwrap-private.h
flatpak-bwrap: Add dup-ing variant flatpak_bwrap_add_args_data_fd_dup
2026-04-07 16:17:51 -04:00
flatpak-bwrap.c
flatpak-bwrap: Use glnx_close_fd as clear func
2026-04-07 16:17:51 -04:00
flatpak-chain-input-stream-private.h
Don't use deprecated g_type_class_add_private API
2019-09-19 16:53:11 +00:00
flatpak-chain-input-stream.c
Don't use deprecated g_type_class_add_private API
2019-09-19 16:53:11 +00:00
flatpak-common-types-private.h
Add an option to share the pid namespace with the parent flatpak
2021-01-12 09:55:23 +01:00
flatpak-context-private.h
context: Implement device lists for usb
2024-10-16 14:11:56 -03:00
flatpak-context.c
utils: Add flatpak_parse_fd
2026-04-07 16:17:51 -04:00
flatpak-dir-private.h
common: support reinstall option on bundle installations
2025-12-01 11:04:56 -05:00
flatpak-dir-utils-private.h
common: Break out the parts of flatpak-utils that deal with FlatpakDir
2024-07-09 17:12:55 -03:00
flatpak-dir-utils.c
common: Break out the parts of flatpak-utils that deal with FlatpakDir
2024-07-09 17:12:55 -03:00
flatpak-dir.c
run: Use O_PATH fds for the runtime and app deploy directories
2026-04-07 16:17:51 -04:00
flatpak-enum-types.c.template
enum-types: Make generated files more reproducible
2022-09-07 09:21:58 +02:00
flatpak-enum-types.h.template
enum-types: Make generated files more reproducible
2022-09-07 09:21:58 +02:00
flatpak-error.c
Run uncrustify
2019-02-25 18:12:30 +00:00
flatpak-error.h
common: Tweak error code docs
2021-02-09 09:36:59 +01:00
flatpak-exports-private.h
common: Move flatpak_abs_usrmerged_dirs to FlatpakExports
2023-07-03 20:07:57 +02:00
flatpak-exports.c
app, common, tests: Avoid deprecated g_qsort_with_data()
2024-10-15 13:53:07 +01:00
flatpak-glib-backports-private.h
glib-backports: Use g_ascii_string_to_unsigned if GLib is new enough
2023-05-17 11:35:44 +01:00
flatpak-glib-backports.c
glib-backports: Use g_ascii_string_to_unsigned if GLib is new enough
2023-05-17 11:35:44 +01:00
flatpak-installation-private.h
Export (private) flatpak_installation_get_dir()
2019-10-02 14:57:11 +02:00
flatpak-installation.c
run: Use O_PATH fds for the runtime and app deploy directories
2026-04-07 16:17:51 -04:00
flatpak-installation.h
flatpak-installation: Fix some typos in documentation comments
2021-06-14 15:30:59 +01:00
flatpak-installed-ref-private.h
installation: Use the FlatpakDecomposed APIs to create FlatpakRef:s
2020-11-05 10:43:10 +01:00
flatpak-installed-ref.c
Revert "Add support for files generated by appstreamcli compose (#5277)"
2023-02-04 12:30:15 -06:00
flatpak-installed-ref.h
Add G_BEGIN_DECLS/G_END_DECLS to public headers
2021-02-12 15:58:09 +01:00
flatpak-instance-private.h
instance: Add flatpak_instance_get_run_environ()
2023-10-27 17:09:52 +01:00
flatpak-instance.c
instance: Add flatpak_instance_get_run_environ()
2023-10-27 17:09:52 +01:00
flatpak-instance.h
Add G_BEGIN_DECLS/G_END_DECLS to public headers
2021-02-12 15:58:09 +01:00
flatpak-json-backports-private.h
common: Move json-glib backports to their own file
2023-05-17 11:35:44 +01:00
flatpak-json-oci-private.h
oci: Add helpers to parse OCI delta index and manifest
2020-06-05 09:35:30 +02:00
flatpak-json-oci.c
oci: Actually only return the only manifest in get_only_manifest
2025-12-01 11:04:56 -05:00
flatpak-json-private.h
Cache the downloaded registry index in compressed form
2018-08-09 12:49:36 +00:00
flatpak-json.c
Add a vim modeline and .editorconfig
2022-08-22 19:48:10 -07:00
flatpak-locale-utils-private.h
common: Move locale utils to their own small translation unit
2023-11-14 18:39:22 +00:00
flatpak-locale-utils.c
locale-utils: Always get system locale languages from localed
2024-03-27 14:22:45 +00:00
flatpak-metadata-private.h
flatpak: Add USB enumerables / hidden lists
2024-10-16 14:11:56 -03:00
flatpak-oci-registry-private.h
common: Break out the parts of flatpak-utils that deal with FlatpakDir
2024-07-09 17:12:55 -03:00
flatpak-oci-registry.c
oci-registry: Fix leak by freeing certificates in finalize
2025-11-14 20:14:30 +05:30
flatpak-parental-controls-private.h
dir: Support filtering app installs/upgrades by user’s OARS settings
2019-10-03 10:42:04 +02:00
flatpak-parental-controls.c
common: Use g_info() for messages that will be shown by flatpak -v
2022-12-15 16:45:35 +00:00
flatpak-portal-error.c
common: Move flatpak-portal-error.[ch] back to common code
2018-04-26 07:41:17 +00:00
flatpak-portal-error.h
doc: Document FlatpakPortalError
2019-12-01 14:04:59 -05:00
flatpak-progress-private.h
FlatpakProgress: Clean up APIs for handling extra data
2020-03-27 17:23:13 +01:00
flatpak-progress.c
common: Use g_info() for messages that will be shown by flatpak -v
2022-12-15 16:45:35 +00:00
flatpak-prune-private.h
common: Explicitly include ostree.h where needed
2024-07-09 17:12:55 -03:00
flatpak-prune.c
prune: Move locking operations to execute only outside dry run
2025-04-30 14:00:20 +00:00
flatpak-ref-utils-private.h
common: Move declaration of get_compat_arch_reverse back to -utils
2023-07-03 20:07:57 +02:00
flatpak-ref-utils.c
ref-utils: Move flatpak_get_arch_for_ref() to here
2024-07-09 17:12:55 -03:00
flatpak-ref.c
utils: Remove unnecessary flatpak-ref-utils-private.h inclusion
2024-07-09 17:12:55 -03:00
flatpak-ref.h
Add G_BEGIN_DECLS/G_END_DECLS to public headers
2021-02-12 15:58:09 +01:00
flatpak-related-ref-private.h
Drop more collection_id use
2020-03-23 17:58:04 +01:00
flatpak-related-ref.c
Add a vim modeline and .editorconfig
2022-08-22 19:48:10 -07:00
flatpak-related-ref.h
Add G_BEGIN_DECLS/G_END_DECLS to public headers
2021-02-12 15:58:09 +01:00
flatpak-remote-private.h
lib: Only support FLATPAK_REMOTE_TYPE_STATIC remote types
2020-03-25 08:52:28 +01:00
flatpak-remote-ref-private.h
installation: Use the FlatpakDecomposed APIs to create FlatpakRef:s
2020-11-05 10:43:10 +01:00
flatpak-remote-ref.c
Fix "end of line" typo in internal #defines
2025-01-09 17:00:07 +01:00
flatpak-remote-ref.h
Add G_BEGIN_DECLS/G_END_DECLS to public headers
2021-02-12 15:58:09 +01:00
flatpak-remote.c
utils: Move more repository functionality to repo-utils
2024-07-09 17:12:55 -03:00
flatpak-remote.h
Add G_BEGIN_DECLS/G_END_DECLS to public headers
2021-02-12 15:58:09 +01:00
flatpak-repo-utils-private.h
Fix "end of line" typo in internal #defines
2025-01-09 17:00:07 +01:00
flatpak-repo-utils.c
utils: Don't pass NULL remote to ostree_repo_get_remote_option
2025-11-14 20:14:30 +05:30
flatpak-run-cups-private.h
common: Split up socket setup from flatpak-run into multiple files
2023-05-15 19:54:51 +01:00
flatpak-run-cups.c
common: Split up socket setup from flatpak-run into multiple files
2023-05-15 19:54:51 +01:00
flatpak-run-dbus-private.h
context: Add --a11y-own-name
2024-08-29 14:11:50 -03:00
flatpak-run-dbus.c
run-dbus: Don't call GetAddress() if AT_SPI_BUS_ADDRESS is set
2025-03-31 12:41:32 +00:00
flatpak-run-private.h
run: Use O_PATH fds for the runtime and app deploy directories
2026-04-07 16:17:51 -04:00
flatpak-run-pulseaudio-private.h
common: Split up socket setup from flatpak-run into multiple files
2023-05-15 19:54:51 +01:00
flatpak-run-pulseaudio.c
common: Split up socket setup from flatpak-run into multiple files
2023-05-15 19:54:51 +01:00
flatpak-run-sockets-private.h
common: add support for Wayland security context
2023-08-24 12:17:53 +02:00
flatpak-run-sockets.c
wayland: Unset WAYLAND_DISPLAY, WAYLAND_SOCKET when socket is disabled
2025-03-27 20:04:13 +00:00
flatpak-run-wayland-private.h
wayland: Unset WAYLAND_DISPLAY, WAYLAND_SOCKET when socket is disabled
2025-03-27 20:04:13 +00:00
flatpak-run-wayland.c
wayland: Unset WAYLAND_DISPLAY, WAYLAND_SOCKET when socket is disabled
2025-03-27 20:04:13 +00:00
flatpak-run-x11-private.h
common: Split up socket setup from flatpak-run into multiple files
2023-05-15 19:54:51 +01:00
flatpak-run-x11.c
Use g_steal_fd()
2023-09-04 13:25:32 +01:00
flatpak-run.c
run: Use O_PATH fds for the runtime and app deploy directories
2026-04-07 16:17:51 -04:00
flatpak-syscalls-private.h
common: Add a list of recently-added Linux syscalls
2021-10-08 12:53:20 +02:00
flatpak-transaction-private.h
Transaction: Ensure we download the subsummary for the arch of added refs
2021-05-19 09:49:30 +02:00
flatpak-transaction.c
common: support reinstall option on bundle installations
2025-12-01 11:04:56 -05:00
flatpak-transaction.h
transaction: Add new flatpak_transaction_add_rebase_and_uninstall() API
2023-03-30 14:54:18 +02:00
flatpak-uri-private.h
uri: Don't do scheme-based normalization with GLib 2.66.x
2022-09-06 13:20:05 +02:00
flatpak-uri.c
uri: Don't rely on g_time_zone_new_offset()
2022-09-07 09:21:19 +02:00
flatpak-usb-private.h
context: Implement device lists for usb
2024-10-16 14:11:56 -03:00
flatpak-usb.c
context: Implement device lists for usb
2024-10-16 14:11:56 -03:00
flatpak-utils-base-private.h
common: Add flatpak_get_tzdir() helper
2024-06-21 11:12:57 -03:00
flatpak-utils-base.c
common: Simplify tzdir logic in flatpak_get_timezone
2024-06-21 11:12:57 -03:00
flatpak-utils-http-private.h
common: Implement /etc/containers/certs.d for OCI registries
2025-05-08 16:08:21 +00:00
flatpak-utils-http.c
http: Add cancellation support for curl downloads and error handling
2025-12-03 19:34:17 -05:00
flatpak-utils-private.h
utils: Add flatpak_parse_fd
2026-04-07 16:17:51 -04:00
flatpak-utils.c
utils: Add flatpak_parse_fd
2026-04-07 16:17:51 -04:00
flatpak-version-macros.h.in
doc: Fix a duplicate section
2019-12-02 07:45:51 -05:00
flatpak-xml-utils-private.h
xml-utils: Don't expose symbols that don't need to be visble
2024-05-03 13:21:29 +01:00
flatpak-xml-utils.c
xml-utils: Don't expose symbols that don't need to be visble
2024-05-03 13:21:29 +01:00
flatpak-zstd-decompressor-private.h
Add FlatpakZstdDecompressor converter (and libzstd dep)
2020-06-05 09:35:30 +02:00
flatpak-zstd-decompressor.c
oci: Make libzstd optional (and disable OCI deltas if not there)
2020-06-05 09:35:30 +02:00
flatpak.c
Merge lib/* into common
2018-05-24 11:59:52 +00:00
flatpak.h
Make FlatpakInstance api public
2018-10-08 08:36:23 +00:00
meson.build
build: fix build with -Ddefault_library=static
2025-02-15 12:33:28 +01:00
test-lib.c
build: Consistently include libglnx header as "libglnx.h"
2022-04-11 10:32:34 +02:00
valgrind-private.h
Fix misspellings
2019-04-08 12:50:42 +00:00