mirror of https://github.com/flatpak/flatpak.git synced 2026-04-02 22:34:25 -04:00

Go to file

Simon McVittie 7c63e53bb2 persist directories: Pass using new bwrap --bind-fd option

Instead of passing a /proc/self/fd bind mount we use --bind-fd, which
has two advantages:
 * bwrap closes the fd when used, so it doesn't leak into the started app
 * bwrap ensures that what was mounted was the passed in fd (same dev/ino),
   as there is a small (required) gap between symlink resolve and mount
   where the target path could be replaced.

Please note that this change requires an updated version of bubblewrap.

Resolves: CVE-2024-42472, GHSA-7hgv-f2j8-xw87
[smcv: Make whitespace consistent]
Co-authored-by: Simon McVittie <smcv@collabora.com>
Signed-off-by: Simon McVittie <smcv@collabora.com>

2024-08-14 13:45:33 +01:00

.github

workflows: Disable Microsoft-specific apt repository

2024-04-24 18:14:43 +01:00

app

ps: Add gnome to background portal backend list

2024-04-24 18:20:07 +01:00

buildutil

Fix misspellings

2019-04-08 12:50:42 +00:00

common

persist directories: Pass using new bwrap --bind-fd option

2024-08-14 13:45:33 +01:00

completion

completion: bash completion files are not supposed to be executable

2021-08-23 12:19:03 +02:00

data

data: Remove all /var/tmp/flatpak-cache-* directories on boot

2023-11-14 21:32:43 +00:00

doc

doc: Fix multiple validation errors in docbook.

2024-04-24 18:20:07 +01:00

env.d

env.d, profile.d: Disable gvfs plugins during login

2021-01-11 11:07:26 +01:00

icon-validator

automake: Consistently include $(AM_CFLAGS) in target-specific CFLAGS

2022-11-17 17:54:47 +00:00

Import ostree's compiler warnings, fix up callers

2017-03-27 10:42:36 +02:00

oci-authenticator

daemons: Treat g_info() as equivalent to g_debug()

2023-01-30 11:51:00 +00:00

Update translation files for 1.14.8

2024-04-30 10:52:59 -03:00

portal

portal, session-helper: Save original environment and use it for child

2023-11-14 21:33:37 +00:00

profile

profile: Unset temporary variable

2024-04-24 18:20:07 +01:00

revokefs

revokefs: Always bypass page cache for backend requests

2023-11-14 21:29:06 +00:00

scripts

flatpak-bisect: Remove unused variable

2019-05-16 23:56:24 +00:00

selinux

selinux: Permit read access to symbolic links in /var/lib/flatpak

2022-07-20 20:43:54 -05:00

session-helper

portal, session-helper: Save original environment and use it for child

2023-11-14 21:33:37 +00:00

sideload-repos-systemd

data: Remove all /var/tmp/flatpak-cache-* directories on boot

2023-11-14 21:32:43 +00:00

subprojects

build: Require a version of bubblewrap with the --bind-fd option

2024-08-14 13:45:04 +01:00

system-helper

daemons: Treat g_info() as equivalent to g_debug()

2023-01-30 11:51:00 +00:00

tests

Add test coverage for --persist

2024-08-14 13:43:54 +01:00

triggers

triggers: Use command -v in preference to which

2022-01-25 10:07:03 +01:00

.editorconfig

Add a vim modeline and .editorconfig

2022-08-22 19:48:10 -07:00

.gitignore

.gitignore: Add tests/runtime-repo.stamp

2022-06-27 20:15:41 +01:00

.gitmodules

Revert ".gitmodules: Temporarily fetch from Github mirror of libglnx"

2022-11-18 13:32:33 +00:00

acinclude.m4

build: Add bison detection macro

2021-03-10 10:33:51 +01:00

autogen.sh

autogen.sh: Use command -v to check whether commands exist

2022-01-25 10:07:03 +01:00

CODE_OF_CONDUCT.md

Create CODE_OF_CONDUCT.md

2018-02-05 15:21:40 +00:00

configure.ac

build: Require a version of bubblewrap with the --bind-fd option

2024-08-14 13:45:04 +01:00

CONTRIBUTING.md

CONTRIBUTING.md: Add instructions for using TESTS variable

2022-07-25 14:23:41 +01:00

COPYING

Add COPYING to reflect license headers

2015-03-31 15:36:29 +01:00

flatpak.pc.in

flatpak.pc: Add httpbackend variable for curl/libsoup detection

2022-10-28 13:07:15 +01:00

flatpak.png

README: update logo

2022-10-28 13:07:15 +01:00

Makefile.am

data: Remove all /var/tmp/flatpak-cache-* directories on boot

2023-11-14 21:32:43 +00:00

NEWS

Update NEWS

2024-08-12 18:49:32 +01:00

README.md

Change references from "master" branch to "main" in docs and comments

2022-02-11 14:45:32 +01:00

SECURITY.md

doc: 1.12.x, 1.10.x are no longer security-supported

2024-08-09 17:30:53 +01:00

uncrustify.cfg

Remove extra newlines in variable definiton blocks

2019-02-25 18:12:30 +00:00

uncrustify.sh

uncrustify: Exclude app/flatpak-polkit-agent-text-listener.[ch]

2019-02-25 18:12:30 +00:00

README.md

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.

See https://flatpak.org/ for more information.

Community discussion happens in #flatpak:matrix.org, on the mailing list, and on the Flathub Discourse.

Read documentation for Flatpak here.

Contributing

Flatpak welcomes contributions from anyone! Here are some ways you can help:

Fix one of the issues and submit a PR
Update flatpak's translations and submit a PR
Improve flatpak's documentation, hosted at http://docs.flatpak.org and developed over in flatpak-docs
Find a bug and submit a detailed report including your OS, flatpak version, and the steps to reproduce
Add your favorite application to Flathub by writing a flatpak-builder manifest and submitting it
Improve the Flatpak support in your favorite Linux distribution

Hacking

See CONTRIBUTING.md

Here are some notable projects in the Flatpak ecosystem:

Flatseal: An app for managing permissions of Flatpak apps without using the CLI
Flat-manager: A tool for managing Flatpak repositories

Languages

C 91%

Shell 5.1%

Python 1.8%

Meson 1.2%

Yacc 0.8%

README.md

Contributing

Hacking

Related Projects