mirror of https://github.com/flatpak/flatpak.git synced 2026-03-26 10:54:59 -04:00

Go to file

Simon McVittie ca992c7862 run: Preserve X11 display number instead of redirecting it to :99

Suppose the user's "real" X11 display on the host is Xorg or Xwayland
listening on :42, but they also have an Xvfb server listening on :99.

If we change the X11 display number to the arbitrary value :99, and
the Flatpak sandbox shares its network namespace with the host, then
clients inside the Flatpak sandbox will prefer to connect to the
abstract socket @/tmp/.X11-unix/X99 (which is Xvfb), rather than the
filesystem-backed socket /tmp/.X11-unix/X99 in the sandbox (which is
really /tmp/.X11-unix/X42 on the host, i.e. Xorg or Xwayland).

If they're relying on Xauthority (MIT-MAGIC-COOKIE-1) for access
control (as many display managers do), then this will fail, because
we gave the sandboxed app access to the cookies for Xorg/Xwayland
(rewriting their display number from 42 to 99 as we did so), but
Xvfb does not accept those cookies.

If we're relying on `xhost +"si:localuser:$(id -nu)"` for access control
(as gdm does), then the Flatpak app will successfully (!) connect to
whatever is on :99, for example Xvfb or Xephyr, which is rarely what
anyone wants either.

Resolves: https://github.com/flatpak/flatpak/issues/3357
Signed-off-by: Simon McVittie <smcv@collabora.com>

2022-08-16 10:45:08 +02:00

.github

CI: Use CodeQL Action v2, not the deprecated v1

2022-06-28 18:26:45 -07:00

app

build-export: Don't warn on missing Exec= if DBusActivatable=true

2022-08-16 10:42:06 +02:00

buildutil

Fix misspellings

2019-04-08 12:50:42 +00:00

common

run: Preserve X11 display number instead of redirecting it to :99

2022-08-16 10:45:08 +02:00

completion

completion: bash completion files are not supposed to be executable

2021-08-23 12:19:03 +02:00

data

portal: Fix a typo in D-Bus API documentation

2021-06-15 14:51:54 +02:00

doc

Add DeploySideloadCollectionID flatpakref/flatpakrepo key

2022-08-16 10:37:36 +02:00

env.d

env.d, profile.d: Disable gvfs plugins during login

2021-01-11 11:07:26 +01:00

icon-validator

icon-validator: Don't make flatpak_get_bwrap() extern

2022-05-03 13:54:23 +02:00

Import ostree's compiler warnings, fix up callers

2017-03-27 10:42:36 +02:00

oci-authenticator

http utils: Make a generic FlatpakHttpSession instead of SoupSession

2022-06-16 13:49:45 +02:00

Update ru.po (#4975 )

2022-07-20 21:33:52 -05:00

portal

build: Consistently include libglnx header as "libglnx.h"

2022-04-11 10:32:34 +02:00

profile

Add a profile script for Fish

2021-11-15 10:44:55 +01:00

revokefs

Fix some warn_unused_result warnings

2021-10-12 13:50:14 -07:00

scripts

flatpak-bisect: Remove unused variable

2019-05-16 23:56:24 +00:00

selinux

selinux: Permit read access to symbolic links in /var/lib/flatpak

2022-07-20 20:43:54 -05:00

session-helper

session-helper: Add FLATPAK_HOST_COMMAND_FLAGS_NONE

2021-11-01 15:15:40 +00:00

sideload-repos-systemd

bash: fix issues identified through shellcheck

2021-08-23 12:19:03 +02:00

subprojects

Update xdg-dbus-proxy submodule to 0.1.4

2022-06-03 10:56:57 +02:00

system-helper

app: Port to libappstream

2022-02-17 08:29:20 -06:00

tests

Add DeploySideloadCollectionID flatpakref/flatpakrepo key

2022-08-16 10:37:36 +02:00

triggers

triggers: Use command -v in preference to which

2022-01-25 10:07:03 +01:00

.gitignore

.gitignore: Add tests/runtime-repo.stamp

2022-06-27 20:15:41 +01:00

.gitmodules

gitmodules: Update xdg-dbus-proxy branch

2022-02-07 13:19:07 -06:00

acinclude.m4

build: Add bison detection macro

2021-03-10 10:33:51 +01:00

autogen.sh

autogen.sh: Use command -v to check whether commands exist

2022-01-25 10:07:03 +01:00

CODE_OF_CONDUCT.md

Create CODE_OF_CONDUCT.md

2018-02-05 15:21:40 +00:00

configure.ac

build: Bump version to 1.13.3

2022-06-16 15:57:42 -07:00

CONTRIBUTING.md

CONTRIBUTING.md: Add instructions for using TESTS variable

2022-07-25 14:23:41 +01:00

COPYING

Add COPYING to reflect license headers

2015-03-31 15:36:29 +01:00

flatpak.pc.in

flatpak.pc: Move ostree-1 from Requires.private to Requires

2020-01-15 08:57:03 +01:00

flatpak.png

Add the logo to README.md

2016-06-02 18:05:22 -04:00

Makefile.am

common: Decouple flatpak-context-private.h from xdg-dbus-proxy

2022-04-11 10:32:34 +02:00

NEWS

Update NEWS for 1.13.3

2022-06-16 15:57:42 -07:00

README.md

Change references from "master" branch to "main" in docs and comments

2022-02-11 14:45:32 +01:00

SECURITY.md

Change references from "master" branch to "main" in docs and comments

2022-02-11 14:45:32 +01:00

uncrustify.cfg

Remove extra newlines in variable definiton blocks

2019-02-25 18:12:30 +00:00

uncrustify.sh

uncrustify: Exclude app/flatpak-polkit-agent-text-listener.[ch]

2019-02-25 18:12:30 +00:00

README.md

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.

See https://flatpak.org/ for more information.

Community discussion happens in #flatpak:matrix.org, on the mailing list, and on the Flathub Discourse.

Read documentation for Flatpak here.

Contributing

Flatpak welcomes contributions from anyone! Here are some ways you can help:

Fix one of the issues and submit a PR
Update flatpak's translations and submit a PR
Improve flatpak's documentation, hosted at http://docs.flatpak.org and developed over in flatpak-docs
Find a bug and submit a detailed report including your OS, flatpak version, and the steps to reproduce
Add your favorite application to Flathub by writing a flatpak-builder manifest and submitting it
Improve the Flatpak support in your favorite Linux distribution

Hacking

See CONTRIBUTING.md

Here are some notable projects in the Flatpak ecosystem:

Flatseal: An app for managing permissions of Flatpak apps without using the CLI
Flat-manager: A tool for managing Flatpak repositories

Languages

C 91.1%

Shell 5.1%

Python 1.8%

Meson 1.1%

Yacc 0.8%

README.md

Contributing

Hacking

Related Projects