forked from Mirrors/flatpak-builder
Propagate Xauthority details to the sandbox if X11 is enabled
Some xservers out there (like xorg 1.17.1) have a broken server interpreted local xauth, which causes apps to fail to connect to the xserver. This fixes that by propagating Xauthority data such as the MIT-MAGIC-COOKIE-1.tingping/wmclass
parent
eedbeab9d0
commit
208eb7b1aa
|
@ -59,6 +59,9 @@ AC_SUBST(BASE_LIBS)
|
|||
PKG_CHECK_MODULES(SOUP, [libsoup-2.4])
|
||||
AC_SUBST(SOUP_CFLAGS)
|
||||
AC_SUBST(SOUP_LIBS)
|
||||
PKG_CHECK_MODULES(XAUTH, [xau])
|
||||
AC_SUBST(XAUTH_CFLAGS)
|
||||
AC_SUBST(XAUTH_LIBS)
|
||||
|
||||
PKG_CHECK_MODULES(OSTREE, [libgsystem >= 2015.1 ostree-1 >= 2015.3])
|
||||
AC_SUBST(OSTREE_CFLAGS)
|
||||
|
|
|
@ -42,4 +42,4 @@ xdg_document_portal_SOURCES = \
|
|||
$(NULL)
|
||||
|
||||
xdg_document_portal_LDADD = $(BASE_LIBS) $(FUSE_LIBS) libxdgapp.la
|
||||
xdg_document_portal_CFLAGS = $(BASE_CFLAGS) $(OSTREE_CFLAGS) $(SOUP_CFLAGS) $(FUSE_CFLAGS) -I$(srcdir)/document-portal -I$(builddir)/document-portal
|
||||
xdg_document_portal_CFLAGS = $(BASE_CFLAGS) $(OSTREE_CFLAGS) $(SOUP_CFLAGS) $(XAUTH_LIBS) $(FUSE_CFLAGS) -I$(srcdir)/document-portal -I$(builddir)/document-portal
|
||||
|
|
|
@ -42,8 +42,8 @@ libxdgapp_la_SOURCES = \
|
|||
$(systemd_dbus_built_sources) \
|
||||
$(NULL)
|
||||
|
||||
libxdgapp_la_CFLAGS = $(AM_CFLAGS) $(BASE_CFLAGS) $(OSTREE_CFLAGS) $(SOUP_CFLAGS) -I$(srcdir)/dbus-proxy
|
||||
libxdgapp_la_LIBADD = libglnx.la $(BASE_LIBS) $(OSTREE_LIBS) $(SOUP_LIBS)
|
||||
libxdgapp_la_CFLAGS = $(AM_CFLAGS) $(BASE_CFLAGS) $(OSTREE_CFLAGS) $(SOUP_CFLAGS) $(XAUTH_CFLAGS) -I$(srcdir)/dbus-proxy
|
||||
libxdgapp_la_LIBADD = libglnx.la $(BASE_LIBS) $(OSTREE_LIBS) $(SOUP_LIBS) $(XAUTH_LIBS)
|
||||
|
||||
bin_PROGRAMS += \
|
||||
xdg-app-helper \
|
||||
|
|
|
@ -2278,19 +2278,24 @@ main (int argc,
|
|||
|
||||
if (stat (x11_socket, &st) == 0 && S_ISSOCK (st.st_mode))
|
||||
{
|
||||
char *xauth_path = strdup_printf ("/run/user/%d/Xauthority", uid);
|
||||
if (bind_mount (x11_socket, "tmp/.X11-unix/X99", 0))
|
||||
die ("can't bind X11 socket");
|
||||
|
||||
xsetenv ("DISPLAY", ":99.0", 1);
|
||||
xsetenv ("XAUTHORITY", xauth_path, 1);
|
||||
free (xauth_path);
|
||||
}
|
||||
else
|
||||
{
|
||||
xunsetenv ("DISPLAY");
|
||||
xunsetenv ("XAUTHORITY");
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
xunsetenv ("DISPLAY");
|
||||
xunsetenv ("XAUTHORITY");
|
||||
}
|
||||
|
||||
/* Bind mount in the Wayland socket */
|
||||
|
|
|
@ -24,6 +24,9 @@
|
|||
#include <fcntl.h>
|
||||
#include <stdio.h>
|
||||
#include <unistd.h>
|
||||
#include <sys/utsname.h>
|
||||
|
||||
#include <X11/Xauth.h>
|
||||
|
||||
#include <gio/gio.h>
|
||||
#include "libgsystem.h"
|
||||
|
@ -34,6 +37,7 @@
|
|||
#include "xdg-app-utils.h"
|
||||
#include "xdg-app-systemd-dbus.h"
|
||||
|
||||
|
||||
typedef enum {
|
||||
XDG_APP_CONTEXT_SHARED_NETWORK = 1 << 0,
|
||||
XDG_APP_CONTEXT_SHARED_IPC = 1 << 1,
|
||||
|
@ -974,6 +978,58 @@ extract_unix_path_from_dbus_address (const char *address)
|
|||
return g_strndup (path, path_end - path);
|
||||
}
|
||||
|
||||
static gboolean auth_streq (char *str,
|
||||
char *au_str,
|
||||
int au_len)
|
||||
{
|
||||
return au_len == strlen (str) && memcmp (str, au_str, au_len) == 0;
|
||||
}
|
||||
|
||||
static void
|
||||
write_xauth (char *number, FILE *output)
|
||||
{
|
||||
Xauth *xa, local_xa;
|
||||
char *filename;
|
||||
FILE *f;
|
||||
struct utsname unames;
|
||||
|
||||
if (uname (&unames))
|
||||
{
|
||||
g_warning ("uname failed");
|
||||
return;
|
||||
}
|
||||
|
||||
filename = XauFileName ();
|
||||
f = fopen (filename, "rb");
|
||||
if (f == NULL)
|
||||
return;
|
||||
|
||||
while (TRUE)
|
||||
{
|
||||
xa = XauReadAuth (f);
|
||||
if (xa == NULL)
|
||||
break;
|
||||
if (xa->family == FamilyLocal &&
|
||||
auth_streq (unames.nodename, xa->address, xa->address_length) &&
|
||||
(xa->number == NULL || auth_streq (number, xa->number, xa->number_length)))
|
||||
{
|
||||
local_xa = *xa;
|
||||
if (local_xa.number)
|
||||
{
|
||||
local_xa.number = "99";
|
||||
local_xa.number_length = 2;
|
||||
}
|
||||
|
||||
if (!XauWriteAuth(output, &local_xa))
|
||||
g_warning ("xauth write error");
|
||||
}
|
||||
|
||||
XauDisposeAuth(xa);
|
||||
}
|
||||
|
||||
fclose (f);
|
||||
}
|
||||
|
||||
static void
|
||||
xdg_app_run_add_x11_args (GPtrArray *argv_array)
|
||||
{
|
||||
|
@ -985,6 +1041,10 @@ xdg_app_run_add_x11_args (GPtrArray *argv_array)
|
|||
const char *display_nr = &display[1];
|
||||
const char *display_nr_end = display_nr;
|
||||
g_autofree char *d = NULL;
|
||||
g_autofree char *tmp_path = NULL;
|
||||
g_autofree char *path = NULL;
|
||||
int fd;
|
||||
FILE *output;
|
||||
|
||||
while (g_ascii_isdigit (*display_nr_end))
|
||||
display_nr_end++;
|
||||
|
@ -994,6 +1054,22 @@ xdg_app_run_add_x11_args (GPtrArray *argv_array)
|
|||
|
||||
g_ptr_array_add (argv_array, g_strdup ("-x"));
|
||||
g_ptr_array_add (argv_array, x11_socket);
|
||||
|
||||
fd = g_file_open_tmp ("xdg-app-xauth-XXXXXX", &tmp_path, NULL);
|
||||
if (fd >= 0)
|
||||
{
|
||||
output = fdopen (fd, "wb");
|
||||
if (output != NULL)
|
||||
{
|
||||
write_xauth (d, output);
|
||||
fclose (output);
|
||||
|
||||
g_ptr_array_add (argv_array, g_strdup ("-M"));
|
||||
g_ptr_array_add (argv_array, g_strdup_printf ("/run/user/%d/Xauthority=%s", getuid(), tmp_path));
|
||||
}
|
||||
else
|
||||
close (fd);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue