Alexander Larsson
c382cfc212
lib: Fix compiler warning in test app
2015-12-15 08:44:50 +01:00
Alexander Larsson
e9d713cb96
lib: Better fix for old glib
2015-12-15 08:37:24 +01:00
Alexander Larsson
ca06b3e66f
lib: Fix build with older glib
2015-12-14 22:01:21 +01:00
Alexander Larsson
4177f358cb
common: Make it explicit that XdgAppError are portal errors
2015-12-08 12:16:38 +01:00
Alexander Larsson
a28ced36c7
lib: Add xdg_app_installation_load_app_overrides()
2015-12-08 11:48:22 +01:00
Alexander Larsson
8d576298ca
lib: Minor indentation cleanups
2015-12-08 11:02:32 +01:00
Alexander Larsson
a62f64d265
lib: Add xdg_app_remote_ref_fetch_metadata_sync helper
...
This does direct soup access on the repo. Not ideal, but good for now.
2015-12-08 11:01:13 +01:00
Alexander Larsson
ef93bd8d15
lib: Fix declaration of xdg_app_installed_ref_load_metadata
...
We changed this to not be const
2015-12-07 16:36:08 +01:00
Alexander Larsson
0fe5f6552a
lib: Add XdgAppDir to RemoteRef private
2015-12-07 16:35:53 +01:00
Alexander Larsson
d987501e02
lib: Always load installed ref metadata each time
...
This is needed in case it changes over time.
2015-12-07 16:31:01 +01:00
Alexander Larsson
188bb00b1b
lib: xdg_app_remote_fetch_ref_sync
...
For now this downloads the summary file each time.
2015-12-07 16:17:06 +01:00
Alexander Larsson
6558c812af
lib: Add some more debug spew to test-lib
2015-12-07 16:16:43 +01:00
Alexander Larsson
eca699ca5a
lib: Rename xdg_app_remote_list_refs to xdg_app_remote_list_refs_sync
2015-12-07 16:16:02 +01:00
Alexander Larsson
a8a7b28ce9
lib: Add remote_name to XdgAppRemoteRef
2015-12-07 16:14:52 +01:00
Alexander Larsson
5b1931dc8d
lib: Add xdg_app_installed_ref_launch()
2015-12-07 13:36:39 +01:00
Alexander Larsson
a4df4ff811
lib: Add XdgAppRemoteRef subclass
...
This doesn't do anything yet, but its a place to hang remote-specific
ops off.
2015-12-04 15:35:13 +01:00
Alexander Larsson
5fd830d3b0
lib: Make getters for XdgAppRemote return copies of strings for options
...
This makes it possible to handle the case when these options change
over time.
2015-12-04 11:46:32 +01:00
Alexander Larsson
1ba476bcbe
Merge pull request #90 from ebassi/introspection
...
Introspection
2015-12-04 11:42:47 +01:00
Alexander Larsson
ad7b379398
Add no-enumerate flag to remote and set if for bundle origin remotes
2015-12-04 11:40:51 +01:00
Emmanuele Bassi
c09375c855
Annotate transfer rules for ambiguous return values
...
This silences all the warnings from the introspection scanner.
2015-12-04 10:17:39 +00:00
Emmanuele Bassi
52ba736518
Add introspection support to libxdg-app
...
We may want to use it from non-C languages.
2015-12-04 09:55:40 +00:00
Alexander Larsson
2f6fc54897
lib: Use the new remote helpers
2015-12-04 10:49:16 +01:00
Emmanuele Bassi
82fa0659f9
build: Fix include path for builddir != srcdir
...
We need to add $(top_builddir)/lib to the inclusion path, otherwise the
build will fail.
This has broken gnome-continuous builds of xdg-app.
2015-12-04 01:13:45 +00:00
Alexander Larsson
132d1186d9
Initial version of libxdg-app
...
This is a highlevel library for working with xdg-app without using
the commandline interface. The primary usecase for this is for
creating a graphical frontend for app installation/update.
2015-12-03 22:41:16 +01:00
Alexander Larsson
106a5b06ec
Rename lib/ to common/ in preparation for public xdg-app library
2015-11-26 22:05:38 +01:00
Alexander Larsson
49af288937
Add standard errors needed for portal
2015-11-26 19:18:58 +01:00
Alexander Larsson
47c705db03
portals: Only give blanket access to session-*.scope systemd cgroup
...
This way we won't give false positives if the user systemd session is
not running.
2015-11-26 17:37:46 +01:00
Alexander Larsson
f5cadc018b
Support defining read-only filesystem access
...
If you do something like "--filesystem=host:ro" you get a read-only mount
of the specified filesystem location.
2015-11-26 17:22:37 +01:00
Alexander Larsson
612bf0d08c
xdg-app run: Fix support for --filesystem=~/dir
...
There was a typo here
2015-11-26 15:37:17 +01:00
Alexander Larsson
a16f0251ad
Remove unused helper function
2015-11-26 15:25:57 +01:00
Alexander Larsson
f710eb9322
Correct license, we're LGPL 2+, not 3+
...
Some files accidentally got the LGPL 3+ header, but we
want to be LGPL2+.
2015-11-26 14:50:21 +01:00
Alexander Larsson
787fdee634
Handle PWD env var correctly when spawning apps/builds
...
Propagate PWD to child, and use it (if correct) instead of getcwd
as the cwd and PWD in the child. This makes things nicer if the
PWD contains a symlink, as we avoid to resolve that symlink.
2015-11-25 13:43:22 +01:00
Alexander Larsson
dcd17f82a5
Add autoptr cleanup backport for SoupUri
2015-11-25 12:39:41 +01:00
Alexander Larsson
7962be90f2
deploy: Explicitly pull from the origin
...
If the same branch has been pulled from multiple origins, pick the current
one. This could happen e.g. during update if you change the origin.
2015-11-16 08:25:47 +01:00
Alexander Larsson
c6f4eccd04
lib: Export xdg_app_context_set_session_bus_policy
2015-11-11 11:26:03 +01:00
Alexander Larsson
13b3f19acc
Add install-bundle command
2015-11-11 09:38:39 +01:00
Alexander Larsson
368eb5f304
utils: Add xdg_app_supports_bundles
...
This uses some hacks to check at runtime if ostree is new enough
to support making bundles.
2015-11-10 11:57:30 +01:00
Alexander Larsson
d3b207a0d6
Create custom /etc/passwd and /etc/group with minimal content
...
There is no particular reason to leak the entire host passwd and group
files, as only the users uid/gid is mapped anyway. If fact, injecting
the tty group while also not being allowed to chmod the pty to that group
will make grantpt() fail.
2015-10-26 17:23:31 +01:00
Christian Hergert
f06a09b0f9
helper: unblock SIGCHILD before execvp() of child
...
We don't want to block SIGCHILD from being handled by the child process,
as that could be necessary for g_child_watch_add(), waitpid(), or similar.
2015-10-26 09:07:04 +01:00
Christian Hergert
f83224c948
helper: match whitespace to other options
2015-10-26 09:07:04 +01:00
Christian Hergert
14bd531121
helper: give xdg-app process access to /dev/ptmx
...
This is needed for posix_openpt() to locate the proper ptmx path. We can
just symlink into /dev/pts/ptmx which is already in the mount namespace.
2015-10-26 09:07:04 +01:00
Alexander Larsson
64d7c00045
Move dbus invocation peer app detection to lib/
2015-10-21 10:23:37 +02:00
Alexander Larsson
477de4c217
Always remove all leftover app/runtime traces on uninstall
...
Even if there is no deploy directory we make sure to remove any
refs with the same name in the repo, and purge the repo.
2015-10-19 10:41:47 +02:00
Alexander Larsson
9855ac23b4
utils: Add xdg_app_decompose_ref()
2015-10-19 10:41:47 +02:00
Alexander Larsson
c26510295f
helper: Also copy extra symlinks from /
2015-10-05 11:24:40 +02:00
Alexander Larsson
dbc92635cc
helper: Correctly zero terminate symlink targets
2015-10-05 11:24:26 +02:00
Alexander Larsson
208eb7b1aa
Propagate Xauthority details to the sandbox if X11 is enabled
...
Some xservers out there (like xorg 1.17.1) have a broken server interpreted
local xauth, which causes apps to fail to connect to the xserver.
This fixes that by propagating Xauthority data such as the MIT-MAGIC-COOKIE-1.
2015-10-01 21:23:23 +02:00
Alexander Larsson
eedbeab9d0
helper: Handle existing mounts with escaped characters
2015-10-01 18:59:32 +02:00
Alexander Larsson
279558b6bf
cleanup: Simplify code using xdg_app_fail
2015-09-28 16:54:24 +02:00
Alexander Larsson
b08f650b07
Add --nofilesystem commandline arg
2015-09-25 17:04:50 +02:00
Alexander Larsson
dc6c6826ab
utils: Add xdg_app_fail
2015-09-25 17:04:32 +02:00
Alexander Larsson
afda9d54c4
list-apps/runtimes: User table printer
2015-09-24 21:36:35 +02:00
Alexander Larsson
66e61764f3
list-remotes: Add support for listing both user and system remotes
2015-09-24 21:36:35 +02:00
Alexander Larsson
c40f2ad74e
Move table printer to xdg-app-utils.c
2015-09-24 21:36:35 +02:00
Alexander Larsson
41af86dc69
Add xdg-app enter command
...
This lets you enter a sandbox and run a command there, which is useful
for debugging purposes.
2015-09-24 19:23:24 +02:00
Alexander Larsson
1917e1fd38
Make seccomp optional
...
Several architectures does not have seccomp yet.
2015-09-24 14:57:53 +02:00
Alexander Larsson
3240ac6d3f
remove some unused code
2015-09-23 13:54:25 +02:00
Alexander Larsson
752b1a0a4b
run: Fix handling of which filesystems you can access
2015-09-23 13:53:04 +02:00
Alexander Larsson
727f50e923
xdg-app build: Support extensions
2015-09-22 13:57:20 +02:00
Alexander Larsson
3334c08f6e
run: When creating /etc symlinks, don't make symlinks to symlinks
...
Instead we just copy the original symlink. This makes things like
/etc/localtime symlink value parsing work.
2015-09-21 10:43:10 +02:00
Alexander Larsson
5e6960353d
Mount nvidia device nodes in sandbox if dri allowed
2015-09-18 14:15:56 +02:00
Alexander Larsson
5065e431a2
run: Allow perf and ptrace in debug and build mode.
...
Without this you can't e.g. run a debugger or profiler in the sandbox.
2015-09-18 14:11:15 +02:00
Alexander Larsson
645c433960
Fix distcheck issues
2015-09-17 20:24:04 +02:00
Alexander Larsson
f866097c94
Add XdgAppChainInputStream based on ostree version
...
This should really be in some library, but lets just copy it for now.
2015-09-17 15:27:04 +02:00
Alexander Larsson
7c788adb20
lib: Handle libsoup now having built-in autocleanup support
2015-09-17 10:56:14 +02:00
Alexander Larsson
7ef861cedf
Add new override builtin to override app permissions
2015-09-11 16:07:31 +02:00
Alexander Larsson
c87e7e4e4f
create dirs with 755, not 777
2015-09-11 15:30:39 +02:00
Alexander Larsson
9d1cfd7688
run: Support system overrides as well as per-user
2015-09-11 13:01:39 +02:00
Alexander Larsson
c702fa2555
XdgAppContext: Always initialize bitfields
2015-09-11 13:01:06 +02:00
Alexander Larsson
90718549ee
run: Read per-app override metadata file
2015-09-09 16:31:49 +02:00
Alexander Larsson
6d98e56c55
run: Never propagate DISPLAY if X socket not requested
...
This is just confusing.
2015-09-09 16:31:07 +02:00
Alexander Larsson
5610b97455
XdgAppContext: Properly handle masking things from parent context
...
This allows you to use things like --nosocket in build-finish to
override runtime defaults. But it is also a building block for
later changes.
2015-09-09 14:11:05 +02:00
Alexander Larsson
60fc11035e
db: Fix leak
2015-09-07 11:13:24 +02:00
Alexander Larsson
c0e480df94
Add xdg_app_mkstempat
...
This is like g_mkstemp except it uses openat
2015-09-03 22:17:00 +02:00
Alexander Larsson
58fb2c4e50
Markup AUTOLOCK with unused to avoid warnings
2015-09-03 22:16:43 +02:00
Colin Walters
8bbe3b3e41
helper: Add perf and ptrace to seccomp blacklist
...
Note that I copied this xdg-app blacklist into linux-user-chroot:
https://git.gnome.org/browse/linux-user-chroot/commit/?id=8cee4ab7345f126d1dec55b7ca1f28e8090a58d3
We should figure out a better way down the line to share code - maybe
we can share a setup-seccomp.c?
Possibly in the long run we'll end up with diverging blacklists, as
linux-user-chroot can be a lot more aggressive, as its primary
audience is build side, not generic applications. We'll see.
But in this patch I added a big comment on how we should share code,
and in particular credit sandstorm.io for some of these filters.
(Although they may have gotten some of them from Android or Chromium?)
Going back to the high level topic - let's add perf and ptrace to the
blacklist. We expect profiling to be done from a non-sandboxed
terminal, or a less-restricted IDE type process which can look at the
namespace of other apps and the desktop/kernel.
2015-09-02 09:08:06 +02:00
Alexander Larsson
6775dc1002
Use g_auto(GStrv) instead of glnx_strfreev
2015-08-31 09:51:48 +02:00
Colin Walters
bfeaccb822
Update libglnx, use its copy of backports
...
This fixes the build on GLib 2.42 at least - the conditionals for
g_strv_contains() weren't right. I'm trying to have libglnx also be a
centralized "glib backports" area, so having g_strv_contains() there
is better.
2015-08-31 09:40:45 +02:00
Alexander Larsson
f6657901c4
utils: Add AUTOLOCK macro
2015-08-27 19:42:15 +02:00
Alexander Larsson
d442e9bb4c
Fix const marking of string arrays.
2015-08-27 16:16:58 +02:00
Alexander Larsson
909aa7a762
Fix error check of policy parsing
2015-08-27 16:16:38 +02:00
Alexander Larsson
cbdd412d71
Fix type of return
2015-08-27 16:16:02 +02:00
Alexander Larsson
52525f46fd
Remove ununsed variables reported by clang
2015-08-27 16:13:15 +02:00
Alexander Larsson
12fbd9ff95
Make document portal use the new permission store
2015-08-26 17:11:35 +02:00
Alexander Larsson
c4e500db37
Add XdgAppError
2015-08-25 13:16:34 +02:00
Alexander Larsson
d9f9080967
Initial version of XdgAppDb
2015-08-25 13:16:31 +02:00
Alexander Larsson
2d0866cac8
gvdb: Add gvdb_table_get_content
...
This is useful if you want to apply outstanding changes to
a table withough immediately persisting it to disk.
2015-08-25 09:27:35 +02:00
Alexander Larsson
a9ffa4960d
Move gvdb to lib/
2015-08-25 09:27:35 +02:00
Alexander Larsson
ffa1acea75
Rename dbus file to org.freedesktop.XdgApp
2015-08-25 09:27:35 +02:00
Alexander Larsson
f76f6a39ef
document-portal: *always* use the by-app location
...
This is better as you can't accidentally access another apps docs (although
you can still see the backing real files)
2015-07-11 10:48:53 +02:00
Alexander Larsson
08d05a30a3
Automatically start and mount document portal in sandbox
2015-07-10 17:49:59 +02:00
Alexander Larsson
929071ad10
Import xdg-document-portal from github repo
...
This pulls in the daemon code from:
https://github.com/alexlarsson/xdg-document-portal/
We need this in xdg-app because we need to set up the mounts correctly.
2015-07-10 16:56:39 +02:00
Alexander Larsson
0040312b07
If home is accessible, make user-dirs.dir visible in custom config dir
...
This makes xdg user dirs work in the sandbox too.
2015-07-10 12:36:54 +02:00
Alexander Larsson
302f88e69d
Restructure directories and build
...
This moves a all source code into separate subdirs per binary. The
helper and the generic stuff goes into lib/ which is then used by all
the others. For now this is a completely internal library, but at
some point we will probably clean it up and expose some subset.
Also, we move the dbus proxy to libexecdir.
2015-07-10 12:15:45 +02:00