576 Commits (a418641892e930f50267a01554af2d6051610b5c)
 

Author SHA1 Message Date
Dan Nicholson 163b582a72 helper: Disable socket filters on x86
Filtering on socket-related syscalls is not possible on x86. See
https://github.com/seccomp/libseccomp/issues/8. Disable socket filtering
until a better solution comes along.

https://bugs.freedesktop.org/show_bug.cgi?id=91162
2015-06-30 23:05:38 +02:00
Alexander Larsson 653e71d006 run: Make users fonts appear in /run/host/user-fonts 2015-06-30 20:04:05 +02:00
Alexander Larsson 22bdf350db helper: Fix typo in the socket-family blacklist
We want greater-or-equal on the last family in the list, not on the
other families.
2015-06-29 23:00:50 +02:00
Alexander Larsson 4f73eaf10b Bump version to 0.3.5 2015-06-24 14:46:51 +02:00
Alexander Larsson c7a05ae781 profile: Don't override pre-existing XDG_DATA_DIRS env vars 2015-06-24 09:31:50 +02:00
Alexander Larsson 0774aa39e2 Add xdg-app.env file for gdm 2015-06-23 11:40:11 +02:00
Alexander Larsson c5a2bb2b07 xdg-app.sh: /usr/local/share is also in the default XDG_DATA_DIRS 2015-06-23 11:38:55 +02:00
Alexander Larsson 536f1e5e3e Bump version to 0.3.4 2015-06-23 10:54:39 +02:00
Alexander Larsson f39af8d75e Avoid unnecessary escapes in desktop file exports
Strings that are regular can be used as-is rather than escaping.
This is aesthetically nicer, but it also allows apps that don't fully
unescape things to work better. For instance, gnome-shell didn't like
if %U is escaped.
2015-06-23 10:52:28 +02:00
Alexander Larsson 9ae639ab77 Bump version to 0.3.3 2015-06-23 09:52:28 +02:00
Alexander Larsson d52c09165c configure: Add checks for docbook xsl/dtd 2015-06-17 17:10:41 +02:00
Alexander Larsson 06cbbf9965 helper: No need for a tmpfs on /dev these days
We used to have this because / has nodev, but that's not needed
anymore as we now have bind-mounts to devices.
2015-06-17 16:59:06 +02:00
Alexander Larsson 9a8c32364a helper: Remove noremount hack now that we keep old mount flags 2015-06-17 16:59:06 +02:00
Alexander Larsson 5da240c24f helper: Keep any existing old mount flags when remounting 2015-06-17 16:59:02 +02:00
Alexander Larsson 53fc3413ea Bump version to 0.3.2 2015-06-16 16:34:49 +02:00
Alexander Larsson 14c678b1c6 update: Don't remove existing deployment if there were no updates 2015-06-16 16:33:52 +02:00
Alexander Larsson a39197c60c Bump version to 0.3.1 2015-06-04 16:03:26 +02:00
Alexander Larsson e856962cc4 helper: Clean up launched command line 2015-06-02 15:51:58 +02:00
Alexander Larsson d781e27094 run: If session helper not available, bind-mount /etc/resolv.conf
This helps in e.g. development environments
2015-06-02 13:36:11 +02:00
Alexander Larsson 8241165848 helper: Don't fail if ~/.local/share/xdg-app does not exist 2015-06-02 13:33:57 +02:00
Alexander Larsson dc5431fb98 helper: Make ~/.local/share/xdg-app read-only in sandbox
There should never be a need to install or modify apps
from inside the sandbox.
2015-06-02 11:46:15 +02:00
Alexander Larsson b1aa93a9d4 Use seccomp to limit allowed syscalls
We disallow any network family but inet, inet6, unix and netlink
as the rest are generally weird old unused things.

We also have a blacklist of syscalls, some are just old unnecessary
things, some are things that are "risky", like NUMA/VM control, and
setting up custom sub-namespaces.
2015-06-02 11:14:27 +02:00
Alexander Larsson 811c512e56 helper: Make all helper functions static
Also, remove unused ones
2015-06-02 09:57:23 +02:00
Alexander Larsson 61012949d7 helper: Fix thinko due to create_file() return type change
This broke wayland/dbus socket support
2015-06-01 16:23:46 +02:00
Alexander Larsson 05ddc17ee2 Make /var/cache persistent (in app-data cache dir)
This is nice as it makes the fontconfig cache persist, which is needed
for e.g. the host fonts to not take a long time each time you start an
app.
2015-06-01 16:03:33 +02:00
Alexander Larsson 7ebbba1d64 Show version when listing apps and runtimes 2015-06-01 13:32:48 +02:00
Alexander Larsson e6df651528 Show source repo when listing apps and runtimes 2015-06-01 13:28:19 +02:00
Alexander Larsson 3cf4a0d7e6 Use xdg_app_dir_get_origin helper 2015-06-01 13:28:03 +02:00
Alexander Larsson c1b2a67a84 Add xdg_app_dir_get_origin() helper 2015-06-01 13:27:41 +02:00
Alexander Larsson 50b3de3728 helper: Optionally add back setuid support
If you don't have userns support in your kernel you can use this.
The future lies with userns though, so it is the default.
2015-05-29 10:46:10 +02:00
Alexander Larsson 31692b6ab2 helper: Minor cleanup of uid/gid handling 2015-05-28 22:28:37 +02:00
Alexander Larsson 2c0c21744f helper: Drop setuid and use user namespaces 2015-05-28 22:02:31 +02:00
Alexander Larsson 8b7822ff07 helper: Only call get[ug]id() once at the start
Since the uid keeps changing during the runtime of the helper this makes things
much less complicated.
2015-05-28 21:59:34 +02:00
Alexander Larsson d12c3cd09f run: Fix typo that broke env var support 2015-05-26 14:48:54 +02:00
Alexander Larsson c6b6ba5095 Bump version to 0.3.0 2015-05-26 13:53:11 +02:00
Alexander Larsson 49bea07b74 build: Remove duplicated helper arguments 2015-05-25 21:36:56 +02:00
Alexander Larsson 3a20c07280 build: Always allow host fs access 2015-05-25 21:36:36 +02:00
Alexander Larsson 1a68b0bbf2 helper: Fix errors caused by create_file() return value change 2015-05-25 21:36:04 +02:00
Alexander Larsson 16b46d3579 Update docs for new run command line options 2015-05-25 16:01:33 +02:00
Alexander Larsson 2cb54a711e helper: Remove backwards compat /self symlink
We've broken the format anyway.
2015-05-25 15:37:12 +02:00
Alexander Larsson 111eff480e run: Remove hardcoded GI_TYPELIB_PATH
This is now better done in the [Environment] part of
the runtime metadata
2015-05-25 15:35:54 +02:00
Alexander Larsson 7f6d801d8e Context: Finish support for filesystems
You can now expose absolute paths, ~/foo paths, or xdg-* paths which
expand to xdg user dirs.
2015-05-25 15:28:29 +02:00
Alexander Larsson 15df2884a6 helper: Add support for moving files into sandbox
If you do -Mfoo=bar, then bar will be copied to foo and then unlinked.
2015-05-25 15:26:33 +02:00
Alexander Larsson 26f2e1bb29 helper: If old CWD is not mapped, use $HOME 2015-05-25 12:22:03 +02:00
Alexander Larsson ee867058a9 Add support for persistent homedirectory dirs 2015-05-25 11:30:53 +02:00
Alexander Larsson 5521bf7ebd helper: Add support for read/write extra dirs 2015-05-25 11:30:38 +02:00
Alexander Larsson b862cdb6aa Make extra_dirs and lock_dirs dynamic
This way we don't get an artificial max size.
2015-05-25 11:24:12 +02:00
Alexander Larsson 942e4bcdb6 Convert all builtins to the new metadata/arg formats using XdgAppContext 2015-05-22 16:55:45 +02:00
Alexander Larsson 7ba3d09e29 Add new XdgAppContext helper object
This will replace all the custom handling of context options
for metadata files and command line args. It also changes how
the permissions etc are serialized in the metadata files to a
saner format.
2015-05-22 16:52:25 +02:00
Alexander Larsson 8ffacee14c Change /self to /app
This changes the application prefix to /app, which has the
advantage of being the same length as /usr. This may help
making some packages relocatable.

We make /self a symlink to /app for now, to keep existing images
working, but at some point we will probably remove this.
2015-05-21 18:54:06 +02:00