Commit Graph

503 Commits (7c788adb204ca41a09df8e7b3c933cacbdb6e033)

Author SHA1 Message Date
Alexander Larsson 7c788adb20 lib: Handle libsoup now having built-in autocleanup support 2015-09-17 10:56:14 +02:00
Alexander Larsson 7ef861cedf Add new override builtin to override app permissions 2015-09-11 16:07:31 +02:00
Alexander Larsson c87e7e4e4f create dirs with 755, not 777 2015-09-11 15:30:39 +02:00
Alexander Larsson 9d1cfd7688 run: Support system overrides as well as per-user 2015-09-11 13:01:39 +02:00
Alexander Larsson c702fa2555 XdgAppContext: Always initialize bitfields 2015-09-11 13:01:06 +02:00
Alexander Larsson 931922c49d build-finish: Don't export hidden or backup files 2015-09-11 11:00:10 +02:00
Alexander Larsson 90718549ee run: Read per-app override metadata file 2015-09-09 16:31:49 +02:00
Alexander Larsson 6d98e56c55 run: Never propagate DISPLAY if X socket not requested
This is just confusing.
2015-09-09 16:31:07 +02:00
Alexander Larsson 4ca4f78483 document portal: Fix crashes when dbus activated
We handle the first message (the activating message) before we
have gotten the name acquired message. Make sure that this
is correctly handled.
2015-09-09 16:25:51 +02:00
Alexander Larsson 6abfb68faf run: Correctly report errors talking to document portal 2015-09-09 15:37:45 +02:00
Alexander Larsson 5610b97455 XdgAppContext: Properly handle masking things from parent context
This allows you to use things like --nosocket in build-finish to
override runtime defaults. But it is also a building block for
later changes.
2015-09-09 14:11:05 +02:00
Alexander Larsson 07a12a145a test-doc-portal: Add recursive file export test 2015-09-08 15:34:51 +02:00
Alexander Larsson ab97ea7da6 test-doc-portal: Work around GTestDbus env unsetting 2015-09-08 15:34:21 +02:00
Alexander Larsson 8c04d2b532 fuse: Add some more debug spew 2015-09-08 15:33:55 +02:00
Alexander Larsson d0773282a5 test-doc-portal: Fix unique boolean arg 2015-09-08 15:31:01 +02:00
Alexander Larsson 31837cdaa3 fuse: Drop DOC_DIR_INO_CLASS
We can just use an APP_DOC_DIR_INO_CLASS with app_id 0.
This gets rid of some duplicated code.
2015-09-08 15:23:18 +02:00
Alexander Larsson 42c6cd4574 document portal: Correctly handle recursive documents
I.e. if you pass in a document fd to the document portal we
reuse the existing id.
2015-09-08 14:53:14 +02:00
Alexander Larsson fa3eb15580 export-file: Print the full document pathname 2015-09-08 14:52:43 +02:00
Alexander Larsson af331d364f document portal: Move locking explicitly into portal handlers
This is required because we do I/O on the passed-in fd in add() and
if you pass in a fd on the fuse mount itself we deadlock.
2015-09-08 14:23:27 +02:00
Alexander Larsson bbc6fa8835 document-portal: Allow dbus owner replacing 2015-09-08 12:18:14 +02:00
Alexander Larsson ad9f05397e fuse: Add some more debug spew 2015-09-08 11:15:31 +02:00
Alexander Larsson bb6e476f62 fuse: Raise entry cache times now that we invalidate 2015-09-08 11:15:05 +02:00
Alexander Larsson 8fe6a115f6 fuse: Properly invalidate inodes and entries 2015-09-08 11:09:40 +02:00
Alexander Larsson 18cc81d8a7 test-doc-portal: Launch the portal manually
This allows us to get debug output
2015-09-08 09:49:33 +02:00
Alexander Larsson 44f295c088 fuse: Add daemonizing switch
This will be used for the tests
2015-09-08 09:47:32 +02:00
Alexander Larsson 8af69c93af fuse: Unmount previous fuse instance if ENOTCONN 2015-09-08 09:33:44 +02:00
Alexander Larsson d79935bd4a Add minimal document portal tests 2015-09-07 17:17:44 +02:00
Alexander Larsson ed2763a0da export-file: Fix leak 2015-09-07 16:03:45 +02:00
Alexander Larsson 60fc11035e db: Fix leak 2015-09-07 11:13:24 +02:00
Alexander Larsson d50284c7a6 Add check-valgrind target 2015-09-07 11:13:21 +02:00
Alexander Larsson 2f115c89af document-portal: Actually respect WRITE permissions 2015-09-04 17:00:37 +02:00
Alexander Larsson 4be7bdc0f5 export-files: Allow specifying app permissions 2015-09-04 15:39:03 +02:00
Alexander Larsson 6cf4d24a09 document-portal: Use xdg_app_is_valid_name() to validate app names 2015-09-04 14:50:02 +02:00
Alexander Larsson 7ad47c74ea document-portals: Support unique documents
These document ids will not be shared for multiple users. The main
difference is that this makes it safe for the creating app to delete
the document if he wants to (i.e. for temporary docs), and thus we can
grant this additional permission for the calling app.
2015-09-04 14:46:02 +02:00
Alexander Larsson 83201bd7e4 fuse: Always open files with O_NOFOLLOW
Following symlinks is risky as the sandbox may control them.
2015-09-04 14:16:45 +02:00
Alexander Larsson 0c07417d5f Add debug output for release 2015-09-03 22:17:00 +02:00
Alexander Larsson 1f81b81b1a Add xdg-app export-file to export files with the document portal 2015-09-03 22:17:00 +02:00
Alexander Larsson 04879fdea5 Store and verify parent dir dev/ino and pass O_PATH fds
In order to be robust against symlink attacks (i.e. make a document
for a path, then replace it with a symlink somewhere else and have the
portal read that instead) we store the parent dev/ino when we create
the document id and always verify that (atomically with the *at
syscalls) on each use.

Also, we pass O_PATH fds when creating documents, as it allows us
to be a bit safer. For instance we can verify that the fd is an O_PATH
fd before doing any ops on it, and it makes it possible to avoid other
symlink trickery.

Also, we drop the double add methods, and just use the O_PATH version.
2015-09-03 22:17:00 +02:00
Alexander Larsson c0e480df94 Add xdg_app_mkstempat
This is like g_mkstemp except it uses openat
2015-09-03 22:17:00 +02:00
Alexander Larsson 4a298aeec3 fuse: Make filesystem multithreaded
This allows us to handle multiple apps better.
2015-09-03 22:16:43 +02:00
Alexander Larsson 58fb2c4e50 Markup AUTOLOCK with unused to avoid warnings 2015-09-03 22:16:43 +02:00
Colin Walters 8bbe3b3e41 helper: Add perf and ptrace to seccomp blacklist
Note that I copied this xdg-app blacklist into linux-user-chroot:
https://git.gnome.org/browse/linux-user-chroot/commit/?id=8cee4ab7345f126d1dec55b7ca1f28e8090a58d3

We should figure out a better way down the line to share code - maybe
we can share a setup-seccomp.c?

Possibly in the long run we'll end up with diverging blacklists, as
linux-user-chroot can be a lot more aggressive, as its primary
audience is build side, not generic applications.  We'll see.

But in this patch I added a big comment on how we should share code,
and in particular credit sandstorm.io for some of these filters.
(Although they may have gotten some of them from Android or Chromium?)

Going back to the high level topic - let's add perf and ptrace to the
blacklist.  We expect profiling to be done from a non-sandboxed
terminal, or a less-restricted IDE type process which can look at the
namespace of other apps and the desktop/kernel.
2015-09-02 09:08:06 +02:00
Alexander Larsson 6775dc1002 Use g_auto(GStrv) instead of glnx_strfreev 2015-08-31 09:51:48 +02:00
Colin Walters bfeaccb822 Update libglnx, use its copy of backports
This fixes the build on GLib 2.42 at least - the conditionals for
g_strv_contains() weren't right.  I'm trying to have libglnx also be a
centralized "glib backports" area, so having g_strv_contains() there
is better.
2015-08-31 09:40:45 +02:00
Colin Walters 0a6d02ec78 autogen: Fix git submodules
We don't have bsdiff here.
2015-08-31 09:40:45 +02:00
Alexander Larsson f6657901c4 utils: Add AUTOLOCK macro 2015-08-27 19:42:15 +02:00
Alexander Larsson d442e9bb4c Fix const marking of string arrays. 2015-08-27 16:16:58 +02:00
Alexander Larsson 909aa7a762 Fix error check of policy parsing 2015-08-27 16:16:38 +02:00
Alexander Larsson cbdd412d71 Fix type of return 2015-08-27 16:16:02 +02:00
Alexander Larsson e5e5389bb3 dbus-proxy: Avoid clang warning 2015-08-27 16:15:35 +02:00