marko10_000
/
flatpak-builder
forked from Mirrors/flatpak-builder
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
flatpak-builder/common/flatpak-run.c

4397 lines
137 KiB
C
Raw Blame History

/*
* Copyright © 2014 Red Hat, Inc
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
* Authors:
* Alexander Larsson <alexl@redhat.com>
*/
#include "config.h"
#include <string.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/utsname.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <grp.h>
#ifdef ENABLE_SECCOMP
#include <seccomp.h>
#endif
#ifdef ENABLE_XAUTH
#include <X11/Xauth.h>
#endif
#include <glib/gi18n.h>
#include <gio/gio.h>
#include "libglnx/libglnx.h"
#include "flatpak-run.h"
#include "flatpak-proxy.h"
#include "flatpak-utils.h"
#include "flatpak-dir.h"
#include "flatpak-systemd-dbus.h"
#define DEFAULT_SHELL "/bin/sh"
typedef enum {
FLATPAK_CONTEXT_SHARED_NETWORK = 1 << 0,
FLATPAK_CONTEXT_SHARED_IPC = 1 << 1,
} FlatpakContextShares;
/* In numerical order of more privs */
typedef enum {
FLATPAK_FILESYSTEM_MODE_READ_ONLY = 1,
FLATPAK_FILESYSTEM_MODE_READ_WRITE = 2,
FLATPAK_FILESYSTEM_MODE_CREATE = 3,
} FlatpakFilesystemMode;
/* Same order as enum */
const char *flatpak_context_shares[] = {
"network",
"ipc",
NULL
};
typedef enum {
FLATPAK_CONTEXT_SOCKET_X11 = 1 << 0,
FLATPAK_CONTEXT_SOCKET_WAYLAND = 1 << 1,
FLATPAK_CONTEXT_SOCKET_PULSEAUDIO = 1 << 2,
FLATPAK_CONTEXT_SOCKET_SESSION_BUS = 1 << 3,
FLATPAK_CONTEXT_SOCKET_SYSTEM_BUS = 1 << 4,
} FlatpakContextSockets;
/* Same order as enum */
const char *flatpak_context_sockets[] = {
"x11",
"wayland",
"pulseaudio",
"session-bus",
"system-bus",
NULL
};
const char *dont_mount_in_root[] = {
".", "..", "lib", "lib32", "lib64", "bin", "sbin", "usr", "boot", "root",
"tmp", "etc", "app", "run", "proc", "sys", "dev", "var", NULL
};
/* We don't want to export paths pointing into these, because they are readonly
(so we can't create mountpoints there) and don't match whats on the host anyway */
const char *dont_export_in[] = {
"/lib/", "/lib32/", "/lib64/", "/bin/", "/sbin/", "/usr/", "/etc/", "/app/", NULL
};
typedef enum {
FLATPAK_CONTEXT_DEVICE_DRI = 1 << 0,
FLATPAK_CONTEXT_DEVICE_ALL = 1 << 1,
FLATPAK_CONTEXT_DEVICE_KVM = 1 << 2,
} FlatpakContextDevices;
const char *flatpak_context_devices[] = {
"dri",
"all",
"kvm",
NULL
};
typedef enum {
FLATPAK_CONTEXT_FEATURE_DEVEL = 1 << 0,
FLATPAK_CONTEXT_FEATURE_MULTIARCH = 1 << 1,
} FlatpakContextFeatures;
const char *flatpak_context_features[] = {
"devel",
"multiarch",
NULL
};
static gboolean
add_dbus_proxy_args (GPtrArray *argv_array,
GPtrArray *dbus_proxy_argv,
gboolean enable_logging,
int sync_fds[2],
const char *app_info_path,
GError **error);
struct FlatpakContext
{
FlatpakContextShares shares;
FlatpakContextShares shares_valid;
FlatpakContextSockets sockets;
FlatpakContextSockets sockets_valid;
FlatpakContextDevices devices;
FlatpakContextDevices devices_valid;
FlatpakContextFeatures features;
FlatpakContextFeatures features_valid;
GHashTable *env_vars;
GHashTable *persistent;
GHashTable *filesystems;
GHashTable *session_bus_policy;
GHashTable *system_bus_policy;
GHashTable *generic_policy;
};
FlatpakContext *
flatpak_context_new (void)
{
FlatpakContext *context;
context = g_slice_new0 (FlatpakContext);
context->env_vars = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, g_free);
context->persistent = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL);
context->filesystems = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL);
context->session_bus_policy = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL);
context->system_bus_policy = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL);
context->generic_policy = g_hash_table_new_full (g_str_hash, g_str_equal,
g_free, (GDestroyNotify)g_strfreev);
return context;
}
void
flatpak_context_free (FlatpakContext *context)
{
g_hash_table_destroy (context->env_vars);
g_hash_table_destroy (context->persistent);
g_hash_table_destroy (context->filesystems);
g_hash_table_destroy (context->session_bus_policy);
g_hash_table_destroy (context->system_bus_policy);
g_hash_table_destroy (context->generic_policy);
g_slice_free (FlatpakContext, context);
}
static guint32
flatpak_context_bitmask_from_string (const char *name, const char **names)
{
guint32 i;
for (i = 0; names[i] != NULL; i++)
{
if (strcmp (names[i], name) == 0)
return 1 << i;
}
return 0;
}
static char **
flatpak_context_bitmask_to_string (guint32 enabled, guint32 valid, const char **names)
{
guint32 i;
GPtrArray *array;
array = g_ptr_array_new ();
for (i = 0; names[i] != NULL; i++)
{
guint32 bitmask = 1 << i;
if (valid & bitmask)
{
if (enabled & bitmask)
g_ptr_array_add (array, g_strdup (names[i]));
else
g_ptr_array_add (array, g_strdup_printf ("!%s", names[i]));
}
}
g_ptr_array_add (array, NULL);
return (char **) g_ptr_array_free (array, FALSE);
}
static void
flatpak_context_bitmask_to_args (guint32 enabled, guint32 valid, const char **names,
const char *enable_arg, const char *disable_arg,
GPtrArray *args)
{
guint32 i;
for (i = 0; names[i] != NULL; i++)
{
guint32 bitmask = 1 << i;
if (valid & bitmask)
{
if (enabled & bitmask)
g_ptr_array_add (args, g_strdup_printf ("%s=%s", enable_arg, names[i]));
else
g_ptr_array_add (args, g_strdup_printf ("%s=%s", disable_arg, names[i]));
}
}
}
static FlatpakContextShares
flatpak_context_share_from_string (const char *string, GError **error)
{
FlatpakContextShares shares = flatpak_context_bitmask_from_string (string, flatpak_context_shares);
if (shares == 0)
{
g_autofree char *values = g_strjoinv (", ", (char **)flatpak_context_shares);
g_set_error (error, G_OPTION_ERROR, G_OPTION_ERROR_FAILED,
_("Unknown share type %s, valid types are: %s"), string, values);
}
return shares;
}
static char **
flatpak_context_shared_to_string (FlatpakContextShares shares, FlatpakContextShares valid)
{
return flatpak_context_bitmask_to_string (shares, valid, flatpak_context_shares);
}
static void
flatpak_context_shared_to_args (FlatpakContextShares shares,
FlatpakContextShares valid,
GPtrArray *args)
{
return flatpak_context_bitmask_to_args (shares, valid, flatpak_context_shares, "--share", "--unshare", args);
}
static FlatpakPolicy
flatpak_policy_from_string (const char *string, GError **error)
{
const char *policies[] = { "none", "see", "talk", "own", NULL };
int i;
g_autofree char *values = NULL;
for (i = 0; policies[i]; i++)
{
if (strcmp (string, policies[i]) == 0)
return i;
}
values = g_strjoinv (", ", (char **)policies);
g_set_error (error, G_OPTION_ERROR, G_OPTION_ERROR_FAILED,
_("Unknown policy type %s, valid types are: %s"), string, values);
return -1;
}
static const char *
flatpak_policy_to_string (FlatpakPolicy policy)
{
if (policy == FLATPAK_POLICY_SEE)
return "see";
if (policy == FLATPAK_POLICY_TALK)
return "talk";
if (policy == FLATPAK_POLICY_OWN)
return "own";
return "none";
}
static gboolean
flatpak_verify_dbus_name (const char *name, GError **error)
{
const char *name_part;
g_autofree char *tmp = NULL;
if (g_str_has_suffix (name, ".*"))
{
tmp = g_strndup (name, strlen (name) - 2);
name_part = tmp;
}
else
{
name_part = name;
}
if (g_dbus_is_name (name_part) && !g_dbus_is_unique_name (name_part))
return TRUE;
g_set_error (error, G_OPTION_ERROR, G_OPTION_ERROR_FAILED,
_("Invalid dbus name %s\n"), name);
return FALSE;
}
static FlatpakContextSockets
flatpak_context_socket_from_string (const char *string, GError **error)
{
FlatpakContextSockets sockets = flatpak_context_bitmask_from_string (string, flatpak_context_sockets);
if (sockets == 0)
{
g_autofree char *values = g_strjoinv (", ", (char **)flatpak_context_sockets);
g_set_error (error, G_OPTION_ERROR, G_OPTION_ERROR_FAILED,
_("Unknown socket type %s, valid types are: %s"), string, values);
}
return sockets;
}
static char **
flatpak_context_sockets_to_string (FlatpakContextSockets sockets, FlatpakContextSockets valid)
{
return flatpak_context_bitmask_to_string (sockets, valid, flatpak_context_sockets);
}
static void
flatpak_context_sockets_to_args (FlatpakContextSockets sockets,
FlatpakContextSockets valid,
GPtrArray *args)
{
return flatpak_context_bitmask_to_args (sockets, valid, flatpak_context_sockets, "--socket", "--nosocket", args);
}
static FlatpakContextDevices
flatpak_context_device_from_string (const char *string, GError **error)
{
FlatpakContextDevices devices = flatpak_context_bitmask_from_string (string, flatpak_context_devices);
if (devices == 0)
{
g_autofree char *values = g_strjoinv (", ", (char **)flatpak_context_devices);
g_set_error (error, G_OPTION_ERROR, G_OPTION_ERROR_FAILED,
_("Unknown device type %s, valid types are: %s"), string, values);
}
return devices;
}
static char **
flatpak_context_devices_to_string (FlatpakContextDevices devices, FlatpakContextDevices valid)
{
return flatpak_context_bitmask_to_string (devices, valid, flatpak_context_devices);
}
static void
flatpak_context_devices_to_args (FlatpakContextDevices devices,
FlatpakContextDevices valid,
GPtrArray *args)
{
return flatpak_context_bitmask_to_args (devices, valid, flatpak_context_devices, "--device", "--nodevice", args);
}
static FlatpakContextFeatures
flatpak_context_feature_from_string (const char *string, GError **error)
{
FlatpakContextFeatures feature = flatpak_context_bitmask_from_string (string, flatpak_context_features);
if (feature == 0)
{
g_autofree char *values = g_strjoinv (", ", (char **)flatpak_context_features);
g_set_error (error, G_OPTION_ERROR, G_OPTION_ERROR_FAILED,
_("Unknown feature type %s, valid types are: %s"), string, values);
}
return feature;
}
static char **
flatpak_context_features_to_string (FlatpakContextFeatures features, FlatpakContextFeatures valid)
{
return flatpak_context_bitmask_to_string (features, valid, flatpak_context_features);
}
static void
flatpak_context_features_to_args (FlatpakContextFeatures features,
FlatpakContextFeatures valid,
GPtrArray *args)
{
return flatpak_context_bitmask_to_args (features, valid, flatpak_context_features, "--allow", "--disallow", args);
}
static void
flatpak_context_add_shares (FlatpakContext *context,
FlatpakContextShares shares)
{
context->shares_valid |= shares;
context->shares |= shares;
}
static void
flatpak_context_remove_shares (FlatpakContext *context,
FlatpakContextShares shares)
{
context->shares_valid |= shares;
context->shares &= ~shares;
}
static void
flatpak_context_add_sockets (FlatpakContext *context,
FlatpakContextSockets sockets)
{
context->sockets_valid |= sockets;
context->sockets |= sockets;
}
static void
flatpak_context_remove_sockets (FlatpakContext *context,
FlatpakContextSockets sockets)
{
context->sockets_valid |= sockets;
context->sockets &= ~sockets;
}
static void
flatpak_context_add_devices (FlatpakContext *context,
FlatpakContextDevices devices)
{
context->devices_valid |= devices;
context->devices |= devices;
}
static void
flatpak_context_remove_devices (FlatpakContext *context,
FlatpakContextDevices devices)
{
context->devices_valid |= devices;
context->devices &= ~devices;
}
static void
flatpak_context_add_features (FlatpakContext *context,
FlatpakContextFeatures features)
{
context->features_valid |= features;
context->features |= features;
}
static void
flatpak_context_remove_features (FlatpakContext *context,
FlatpakContextFeatures features)
{
context->features_valid |= features;
context->features &= ~features;
}
static void
flatpak_context_set_env_var (FlatpakContext *context,
const char *name,
const char *value)
{
g_hash_table_insert (context->env_vars, g_strdup (name), g_strdup (value));
}
void
flatpak_context_set_session_bus_policy (FlatpakContext *context,
const char *name,
FlatpakPolicy policy)
{
g_hash_table_insert (context->session_bus_policy, g_strdup (name), GINT_TO_POINTER (policy));
}
void
flatpak_context_set_system_bus_policy (FlatpakContext *context,
const char *name,
FlatpakPolicy policy)
{
g_hash_table_insert (context->system_bus_policy, g_strdup (name), GINT_TO_POINTER (policy));
}
static void
flatpak_context_apply_generic_policy (FlatpakContext *context,
const char *key,
const char *value)
{
GPtrArray *new = g_ptr_array_new ();
const char **old_v;
int i;
g_assert (strchr (key, '.') != NULL);
old_v = g_hash_table_lookup (context->generic_policy, key);
for (i = 0; old_v != NULL && old_v[i] != NULL; i++)
{
const char *old = old_v[i];
const char *cmp1 = old;
const char *cmp2 = value;
if (*cmp1 == '!')
cmp1++;
if (*cmp2 == '!')
cmp2++;
if (strcmp (cmp1, cmp2) != 0)
g_ptr_array_add (new, g_strdup (old));
}
g_ptr_array_add (new, g_strdup (value));
g_ptr_array_add (new, NULL);
g_hash_table_insert (context->generic_policy, g_strdup (key),
g_ptr_array_free (new, FALSE));
}
static void
flatpak_context_set_persistent (FlatpakContext *context,
const char *path)
{
g_hash_table_insert (context->persistent, g_strdup (path), GINT_TO_POINTER (1));
}
static gboolean
get_xdg_dir_from_prefix (const char *prefix,
const char **where,
const char **dir)
{
if (strcmp (prefix, "xdg-data") == 0)
{
if (where)
*where = "data";
if (dir)
*dir = g_get_user_data_dir ();
return TRUE;
}
if (strcmp (prefix, "xdg-cache") == 0)
{
if (where)
*where = "cache";
if (dir)
*dir = g_get_user_cache_dir ();
return TRUE;
}
if (strcmp (prefix, "xdg-config") == 0)
{
if (where)
*where = "config";
if (dir)
*dir = g_get_user_config_dir ();
return TRUE;
}
return FALSE;
}
/* This looks only in the xdg dirs (config, cache, data), not the user
definable ones */
static char *
get_xdg_dir_from_string (const char *filesystem,
const char **suffix,
const char **where)
{
char *slash;
const char *rest;
g_autofree char *prefix = NULL;
const char *dir = NULL;
gsize len;
slash = strchr (filesystem, '/');
if (slash)
len = slash - filesystem;
else
len = strlen (filesystem);
rest = filesystem + len;
while (*rest == '/')
rest++;
if (suffix != NULL)
*suffix = rest;
prefix = g_strndup (filesystem, len);
if (get_xdg_dir_from_prefix (prefix, where, &dir))
return g_build_filename (dir, rest, NULL);
return NULL;
}
static gboolean
get_xdg_user_dir_from_string (const char *filesystem,
const char **config_key,
const char **suffix,
const char **dir)
{
char *slash;
const char *rest;
g_autofree char *prefix = NULL;
gsize len;
slash = strchr (filesystem, '/');
if (slash)
len = slash - filesystem;
else
len = strlen (filesystem);
rest = filesystem + len;
while (*rest == '/')
rest++;
if (suffix)
*suffix = rest;
prefix = g_strndup (filesystem, len);
if (strcmp (prefix, "xdg-desktop") == 0)
{
if (config_key)
*config_key = "XDG_DESKTOP_DIR";
if (dir)
*dir = g_get_user_special_dir (G_USER_DIRECTORY_DESKTOP);
return TRUE;
}
if (strcmp (prefix, "xdg-documents") == 0)
{
if (config_key)
*config_key = "XDG_DOCUMENTS_DIR";
if (dir)
*dir = g_get_user_special_dir (G_USER_DIRECTORY_DOCUMENTS);
return TRUE;
}
if (strcmp (prefix, "xdg-download") == 0)
{
if (config_key)
*config_key = "XDG_DOWNLOAD_DIR";
if (dir)
*dir = g_get_user_special_dir (G_USER_DIRECTORY_DOWNLOAD);
return TRUE;
}
if (strcmp (prefix, "xdg-music") == 0)
{
if (config_key)
*config_key = "XDG_MUSIC_DIR";
if (dir)
*dir = g_get_user_special_dir (G_USER_DIRECTORY_MUSIC);
return TRUE;
}
if (strcmp (prefix, "xdg-pictures") == 0)
{
if (config_key)
*config_key = "XDG_PICTURES_DIR";
if (dir)
*dir = g_get_user_special_dir (G_USER_DIRECTORY_PICTURES);
return TRUE;
}
if (strcmp (prefix, "xdg-public-share") == 0)
{
if (config_key)
*config_key = "XDG_PUBLICSHARE_DIR";
if (dir)
*dir = g_get_user_special_dir (G_USER_DIRECTORY_PUBLIC_SHARE);
return TRUE;
}
if (strcmp (prefix, "xdg-templates") == 0)
{
if (config_key)
*config_key = "XDG_TEMPLATES_DIR";
if (dir)
*dir = g_get_user_special_dir (G_USER_DIRECTORY_TEMPLATES);
return TRUE;
}
if (strcmp (prefix, "xdg-videos") == 0)
{
if (config_key)
*config_key = "XDG_VIDEOS_DIR";
if (dir)
*dir = g_get_user_special_dir (G_USER_DIRECTORY_VIDEOS);
return TRUE;
}
if (get_xdg_dir_from_prefix (prefix, NULL, dir))
{
if (config_key)
*config_key = NULL;
return TRUE;
}
/* Don't support xdg-run without suffix, because that doesn't work */
if (strcmp (prefix, "xdg-run") == 0 &&
*rest != 0)
{
if (config_key)
*config_key = NULL;
if (dir)
*dir = g_get_user_runtime_dir ();
return TRUE;
}
return FALSE;
}
static char *
parse_filesystem_flags (const char *filesystem, FlatpakFilesystemMode *mode)
{
gsize len = strlen (filesystem);
if (mode)
*mode = FLATPAK_FILESYSTEM_MODE_READ_WRITE;
if (g_str_has_suffix (filesystem, ":ro"))
{
len -= 3;
if (mode)
*mode = FLATPAK_FILESYSTEM_MODE_READ_ONLY;
}
else if (g_str_has_suffix (filesystem, ":rw"))
{
len -= 3;
if (mode)
*mode = FLATPAK_FILESYSTEM_MODE_READ_WRITE;
}
else if (g_str_has_suffix (filesystem, ":create"))
{
len -= 7;
if (mode)
*mode = FLATPAK_FILESYSTEM_MODE_CREATE;
}
return g_strndup (filesystem, len);
}
static gboolean
flatpak_context_verify_filesystem (const char *filesystem_and_mode,
GError **error)
{
g_autofree char *filesystem = parse_filesystem_flags (filesystem_and_mode, NULL);
if (strcmp (filesystem, "host") == 0)
return TRUE;
if (strcmp (filesystem, "home") == 0)
return TRUE;
if (get_xdg_user_dir_from_string (filesystem, NULL, NULL, NULL))
return TRUE;
if (g_str_has_prefix (filesystem, "~/"))
return TRUE;
if (g_str_has_prefix (filesystem, "/"))
return TRUE;
g_set_error (error, G_OPTION_ERROR, G_OPTION_ERROR_FAILED,
_("Unknown filesystem location %s, valid types are: host, home, xdg-*[/...], ~/dir, /dir"), filesystem);
return FALSE;
}
static void
flatpak_context_add_filesystem (FlatpakContext *context,
const char *what)
{
FlatpakFilesystemMode mode;
char *fs = parse_filesystem_flags (what, &mode);
g_hash_table_insert (context->filesystems, fs, GINT_TO_POINTER (mode));
}
static void
flatpak_context_remove_filesystem (FlatpakContext *context,
const char *what)
{
g_hash_table_insert (context->filesystems,
parse_filesystem_flags (what, NULL),
NULL);
}
void
flatpak_context_merge (FlatpakContext *context,
FlatpakContext *other)
{
GHashTableIter iter;
gpointer key, value;
context->shares &= ~other->shares_valid;
context->shares |= other->shares;
context->shares_valid |= other->shares_valid;
context->sockets &= ~other->sockets_valid;
context->sockets |= other->sockets;
context->sockets_valid |= other->sockets_valid;
context->devices &= ~other->devices_valid;
context->devices |= other->devices;
context->devices_valid |= other->devices_valid;
context->features &= ~other->features_valid;
context->features |= other->features;
context->features_valid |= other->features_valid;
g_hash_table_iter_init (&iter, other->env_vars);
while (g_hash_table_iter_next (&iter, &key, &value))
g_hash_table_insert (context->env_vars, g_strdup (key), g_strdup (value));
g_hash_table_iter_init (&iter, other->persistent);
while (g_hash_table_iter_next (&iter, &key, &value))
g_hash_table_insert (context->persistent, g_strdup (key), value);
g_hash_table_iter_init (&iter, other->filesystems);
while (g_hash_table_iter_next (&iter, &key, &value))
g_hash_table_insert (context->filesystems, g_strdup (key), value);
g_hash_table_iter_init (&iter, other->session_bus_policy);
while (g_hash_table_iter_next (&iter, &key, &value))
g_hash_table_insert (context->session_bus_policy, g_strdup (key), value);
g_hash_table_iter_init (&iter, other->system_bus_policy);
while (g_hash_table_iter_next (&iter, &key, &value))
g_hash_table_insert (context->system_bus_policy, g_strdup (key), value);
g_hash_table_iter_init (&iter, other->system_bus_policy);
while (g_hash_table_iter_next (&iter, &key, &value))
g_hash_table_insert (context->system_bus_policy, g_strdup (key), value);
g_hash_table_iter_init (&iter, other->generic_policy);
while (g_hash_table_iter_next (&iter, &key, &value))
{
const char **policy_values = (const char **)value;
int i;
for (i = 0; policy_values[i] != NULL; i++)
flatpak_context_apply_generic_policy (context, (char *)key, policy_values[i]);
}
}
static gboolean
option_share_cb (const gchar *option_name,
const gchar *value,
gpointer data,
GError **error)
{
FlatpakContext *context = data;
FlatpakContextShares share;
share = flatpak_context_share_from_string (value, error);
if (share == 0)
return FALSE;
flatpak_context_add_shares (context, share);
return TRUE;
}
static gboolean
option_unshare_cb (const gchar *option_name,
const gchar *value,
gpointer data,
GError **error)
{
FlatpakContext *context = data;
FlatpakContextShares share;
share = flatpak_context_share_from_string (value, error);
if (share == 0)
return FALSE;
flatpak_context_remove_shares (context, share);
return TRUE;
}
static gboolean
option_socket_cb (const gchar *option_name,
const gchar *value,
gpointer data,
GError **error)
{
FlatpakContext *context = data;
FlatpakContextSockets socket;
socket = flatpak_context_socket_from_string (value, error);
if (socket == 0)
return FALSE;
flatpak_context_add_sockets (context, socket);
return TRUE;
}
static gboolean
option_nosocket_cb (const gchar *option_name,
const gchar *value,
gpointer data,
GError **error)
{
FlatpakContext *context = data;
FlatpakContextSockets socket;
socket = flatpak_context_socket_from_string (value, error);
if (socket == 0)
return FALSE;
flatpak_context_remove_sockets (context, socket);
return TRUE;
}
static gboolean
option_device_cb (const gchar *option_name,
const gchar *value,
gpointer data,
GError **error)
{
FlatpakContext *context = data;
FlatpakContextDevices device;
device = flatpak_context_device_from_string (value, error);
if (device == 0)
return FALSE;
flatpak_context_add_devices (context, device);
return TRUE;
}
static gboolean
option_nodevice_cb (const gchar *option_name,
const gchar *value,
gpointer data,
GError **error)
{
FlatpakContext *context = data;
FlatpakContextDevices device;
device = flatpak_context_device_from_string (value, error);
if (device == 0)
return FALSE;
flatpak_context_remove_devices (context, device);
return TRUE;
}
static gboolean
option_allow_cb (const gchar *option_name,
const gchar *value,
gpointer data,
GError **error)
{
FlatpakContext *context = data;
FlatpakContextFeatures feature;
feature = flatpak_context_feature_from_string (value, error);
if (feature == 0)
return FALSE;
flatpak_context_add_features (context, feature);
return TRUE;
}
static gboolean
option_disallow_cb (const gchar *option_name,
const gchar *value,
gpointer data,
GError **error)
{
FlatpakContext *context = data;
FlatpakContextFeatures feature;
feature = flatpak_context_feature_from_string (value, error);
if (feature == 0)
return FALSE;
flatpak_context_remove_features (context, feature);
return TRUE;
}
static gboolean
option_filesystem_cb (const gchar *option_name,
const gchar *value,
gpointer data,
GError **error)
{
FlatpakContext *context = data;
if (!flatpak_context_verify_filesystem (value, error))
return FALSE;
flatpak_context_add_filesystem (context, value);
return TRUE;
}
static gboolean
option_nofilesystem_cb (const gchar *option_name,
const gchar *value,
gpointer data,
GError **error)
{
FlatpakContext *context = data;
if (!flatpak_context_verify_filesystem (value, error))
return FALSE;
flatpak_context_remove_filesystem (context, value);
return TRUE;
}
static gboolean
option_env_cb (const gchar *option_name,
const gchar *value,
gpointer data,
GError **error)
{
FlatpakContext *context = data;
g_auto(GStrv) split = g_strsplit (value, "=", 2);
if (split == NULL || split[0] == NULL || split[0][0] == 0 || split[1] == NULL)
{
g_set_error (error, G_OPTION_ERROR, G_OPTION_ERROR_FAILED,
_("Invalid env format %s"), value);
return FALSE;
}
flatpak_context_set_env_var (context, split[0], split[1]);
return TRUE;
}
static gboolean
option_own_name_cb (const gchar *option_name,
const gchar *value,
gpointer data,
GError **error)
{
FlatpakContext *context = data;
if (!flatpak_verify_dbus_name (value, error))
return FALSE;
flatpak_context_set_session_bus_policy (context, value, FLATPAK_POLICY_OWN);
return TRUE;
}
static gboolean
option_talk_name_cb (const gchar *option_name,
const gchar *value,
gpointer data,
GError **error)
{
FlatpakContext *context = data;
if (!flatpak_verify_dbus_name (value, error))
return FALSE;
flatpak_context_set_session_bus_policy (context, value, FLATPAK_POLICY_TALK);
return TRUE;
}
static gboolean
option_system_own_name_cb (const gchar *option_name,
const gchar *value,
gpointer data,
GError **error)
{
FlatpakContext *context = data;
if (!flatpak_verify_dbus_name (value, error))
return FALSE;
flatpak_context_set_system_bus_policy (context, value, FLATPAK_POLICY_OWN);
return TRUE;
}
static gboolean
option_system_talk_name_cb (const gchar *option_name,
const gchar *value,
gpointer data,
GError **error)
{
FlatpakContext *context = data;
if (!flatpak_verify_dbus_name (value, error))
return FALSE;
flatpak_context_set_system_bus_policy (context, value, FLATPAK_POLICY_TALK);
return TRUE;
}
static gboolean
option_add_generic_policy_cb (const gchar *option_name,
const gchar *value,
gpointer data,
GError **error)
{
FlatpakContext *context = data;
char *t;
g_autofree char *key = NULL;
const char *policy_value;
t = strchr (value, '=');
if (t == NULL)
return flatpak_fail (error, "--policy arguments must be in the form SUBSYSTEM.KEY=[!]VALUE");
policy_value = t + 1;
key = g_strndup (value, t - value);
if (strchr (key, '.') == NULL)
return flatpak_fail (error, "--policy arguments must be in the form SUBSYSTEM.KEY=[!]VALUE");
if (policy_value[0] == '!')
return flatpak_fail (error, "--policy values can't start with \"!\"");
flatpak_context_apply_generic_policy (context, key, policy_value);
return TRUE;
}
static gboolean
option_remove_generic_policy_cb (const gchar *option_name,
const gchar *value,
gpointer data,
GError **error)
{
FlatpakContext *context = data;
char *t;
g_autofree char *key = NULL;
const char *policy_value;
g_autofree char *extended_value = NULL;
t = strchr (value, '=');
if (t == NULL)
return flatpak_fail (error, "--policy arguments must be in the form SUBSYSTEM.KEY=[!]VALUE");
policy_value = t + 1;
key = g_strndup (value, t - value);
if (strchr (key, '.') == NULL)
return flatpak_fail (error, "--policy arguments must be in the form SUBSYSTEM.KEY=[!]VALUE");
if (policy_value[0] == '!')
return flatpak_fail (error, "--policy values can't start with \"!\"");
extended_value = g_strconcat ("!", policy_value, NULL);
flatpak_context_apply_generic_policy (context, key, extended_value);
return TRUE;
}
static gboolean
option_persist_cb (const gchar *option_name,
const gchar *value,
gpointer data,
GError **error)
{
FlatpakContext *context = data;
flatpak_context_set_persistent (context, value);
return TRUE;
}
static gboolean option_no_desktop_deprecated;
static GOptionEntry context_options[] = {
{ "share", 0, G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_CALLBACK, &option_share_cb, N_("Share with host"), N_("SHARE") },
{ "unshare", 0, G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_CALLBACK, &option_unshare_cb, N_("Unshare with host"), N_("SHARE") },
{ "socket", 0, G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_CALLBACK, &option_socket_cb, N_("Expose socket to app"), N_("SOCKET") },
{ "nosocket", 0, G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_CALLBACK, &option_nosocket_cb, N_("Don't expose socket to app"), N_("SOCKET") },
{ "device", 0, G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_CALLBACK, &option_device_cb, N_("Expose device to app"), N_("DEVICE") },
{ "nodevice", 0, G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_CALLBACK, &option_nodevice_cb, N_("Don't expose device to app"), N_("DEVICE") },
{ "allow", 0, G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_CALLBACK, &option_allow_cb, N_("Allow feature"), N_("FEATURE") },
{ "disallow", 0, G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_CALLBACK, &option_disallow_cb, N_("Don't allow feature"), N_("FEATURE") },
{ "filesystem", 0, G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_CALLBACK, &option_filesystem_cb, N_("Expose filesystem to app (:ro for read-only)"), N_("FILESYSTEM[:ro]") },
{ "nofilesystem", 0, G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_CALLBACK, &option_nofilesystem_cb, N_("Don't expose filesystem to app"), N_("FILESYSTEM") },
{ "env", 0, G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_CALLBACK, &option_env_cb, N_("Set environment variable"), N_("VAR=VALUE") },
{ "own-name", 0, G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_CALLBACK, &option_own_name_cb, N_("Allow app to own name on the session bus"), N_("DBUS_NAME") },
{ "talk-name", 0, G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_CALLBACK, &option_talk_name_cb, N_("Allow app to talk to name on the session bus"), N_("DBUS_NAME") },
{ "system-own-name", 0, G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_CALLBACK, &option_system_own_name_cb, N_("Allow app to own name on the system bus"), N_("DBUS_NAME") },
{ "system-talk-name", 0, G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_CALLBACK, &option_system_talk_name_cb, N_("Allow app to talk to name on the system bus"), N_("DBUS_NAME") },
{ "add-policy", 0, G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_CALLBACK, &option_add_generic_policy_cb, N_("Add generic policy option"), N_("SUBSYSTEM.KEY=VALUE") },
{ "remove-policy", 0, G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_CALLBACK, &option_remove_generic_policy_cb, N_("Remove generic policy option"), N_("SUBSYSTEM.KEY=VALUE") },
{ "persist", 0, G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_CALLBACK, &option_persist_cb, N_("Persist home directory"), N_("FILENAME") },
/* This is not needed/used anymore, so hidden, but we accept it for backwards compat */
{ "no-desktop", 0, G_OPTION_FLAG_IN_MAIN | G_OPTION_FLAG_HIDDEN, G_OPTION_ARG_NONE, &option_no_desktop_deprecated, N_("Don't require a running session (no cgroups creation)"), NULL },
{ NULL }
};
void
flatpak_context_complete (FlatpakContext *context, FlatpakCompletion *completion)
{
flatpak_complete_options (completion, context_options);
}
GOptionGroup *
flatpak_context_get_options (FlatpakContext *context)
{
GOptionGroup *group;
group = g_option_group_new ("environment",
"Runtime Environment",
"Runtime Environment",
context,
NULL);
g_option_group_set_translation_domain (group, GETTEXT_PACKAGE);
g_option_group_add_entries (group, context_options);
return group;
}
static const char *
parse_negated (const char *option, gboolean *negated)
{
if (option[0] == '!')
{
option++;
*negated = TRUE;
}
else
{
*negated = FALSE;
}
return option;
}
/* This is a merge, not a replace */
gboolean
flatpak_context_load_metadata (FlatpakContext *context,
GKeyFile *metakey,
GError **error)
{
gboolean remove;
g_auto(GStrv) groups = NULL;
int i;
if (g_key_file_has_key (metakey, FLATPAK_METADATA_GROUP_CONTEXT, FLATPAK_METADATA_KEY_SHARED, NULL))
{
g_auto(GStrv) shares = g_key_file_get_string_list (metakey, FLATPAK_METADATA_GROUP_CONTEXT,
FLATPAK_METADATA_KEY_SHARED, NULL, error);
if (shares == NULL)
return FALSE;
for (i = 0; shares[i] != NULL; i++)
{
FlatpakContextShares share;
share = flatpak_context_share_from_string (parse_negated (shares[i], &remove), error);
if (share == 0)
return FALSE;
if (remove)
flatpak_context_remove_shares (context, share);
else
flatpak_context_add_shares (context, share);
}
}
if (g_key_file_has_key (metakey, FLATPAK_METADATA_GROUP_CONTEXT, FLATPAK_METADATA_KEY_SOCKETS, NULL))
{
g_auto(GStrv) sockets = g_key_file_get_string_list (metakey, FLATPAK_METADATA_GROUP_CONTEXT,
FLATPAK_METADATA_KEY_SOCKETS, NULL, error);
if (sockets == NULL)
return FALSE;
for (i = 0; sockets[i] != NULL; i++)
{
FlatpakContextSockets socket = flatpak_context_socket_from_string (parse_negated (sockets[i], &remove), error);
if (socket == 0)
return FALSE;
if (remove)
flatpak_context_remove_sockets (context, socket);
else
flatpak_context_add_sockets (context, socket);
}
}
if (g_key_file_has_key (metakey, FLATPAK_METADATA_GROUP_CONTEXT, FLATPAK_METADATA_KEY_DEVICES, NULL))
{
g_auto(GStrv) devices = g_key_file_get_string_list (metakey, FLATPAK_METADATA_GROUP_CONTEXT,
FLATPAK_METADATA_KEY_DEVICES, NULL, error);
if (devices == NULL)
return FALSE;
for (i = 0; devices[i] != NULL; i++)
{
FlatpakContextDevices device = flatpak_context_device_from_string (parse_negated (devices[i], &remove), error);
if (device == 0)
return FALSE;
if (remove)
flatpak_context_remove_devices (context, device);
else
flatpak_context_add_devices (context, device);
}
}
if (g_key_file_has_key (metakey, FLATPAK_METADATA_GROUP_CONTEXT, FLATPAK_METADATA_KEY_FEATURES, NULL))
{
g_auto(GStrv) features = g_key_file_get_string_list (metakey, FLATPAK_METADATA_GROUP_CONTEXT,
FLATPAK_METADATA_KEY_FEATURES, NULL, error);
if (features == NULL)
return FALSE;
for (i = 0; features[i] != NULL; i++)
{
FlatpakContextFeatures feature = flatpak_context_feature_from_string (parse_negated (features[i], &remove), error);
if (feature == 0)
return FALSE;
if (remove)
flatpak_context_remove_features (context, feature);
else
flatpak_context_add_features (context, feature);
}
}
if (g_key_file_has_key (metakey, FLATPAK_METADATA_GROUP_CONTEXT, FLATPAK_METADATA_KEY_FILESYSTEMS, NULL))
{
g_auto(GStrv) filesystems = g_key_file_get_string_list (metakey, FLATPAK_METADATA_GROUP_CONTEXT,
FLATPAK_METADATA_KEY_FILESYSTEMS, NULL, error);
if (filesystems == NULL)
return FALSE;
for (i = 0; filesystems[i] != NULL; i++)
{
const char *fs = parse_negated (filesystems[i], &remove);
if (!flatpak_context_verify_filesystem (fs, error))
return FALSE;
if (remove)
flatpak_context_remove_filesystem (context, fs);
else
flatpak_context_add_filesystem (context, fs);
}
}
if (g_key_file_has_key (metakey, FLATPAK_METADATA_GROUP_CONTEXT, FLATPAK_METADATA_KEY_PERSISTENT, NULL))
{
g_auto(GStrv) persistent = g_key_file_get_string_list (metakey, FLATPAK_METADATA_GROUP_CONTEXT,
FLATPAK_METADATA_KEY_PERSISTENT, NULL, error);
if (persistent == NULL)
return FALSE;
for (i = 0; persistent[i] != NULL; i++)
flatpak_context_set_persistent (context, persistent[i]);
}
if (g_key_file_has_group (metakey, FLATPAK_METADATA_GROUP_SESSION_BUS_POLICY))
{
g_auto(GStrv) keys = NULL;
gsize i, keys_count;
keys = g_key_file_get_keys (metakey, FLATPAK_METADATA_GROUP_SESSION_BUS_POLICY, &keys_count, NULL);
for (i = 0; i < keys_count; i++)
{
const char *key = keys[i];
g_autofree char *value = g_key_file_get_string (metakey, FLATPAK_METADATA_GROUP_SESSION_BUS_POLICY, key, NULL);
FlatpakPolicy policy;
if (!flatpak_verify_dbus_name (key, error))
return FALSE;
policy = flatpak_policy_from_string (value, error);
if ((int) policy == -1)
return FALSE;
flatpak_context_set_session_bus_policy (context, key, policy);
}
}
if (g_key_file_has_group (metakey, FLATPAK_METADATA_GROUP_SYSTEM_BUS_POLICY))
{
g_auto(GStrv) keys = NULL;
gsize i, keys_count;
keys = g_key_file_get_keys (metakey, FLATPAK_METADATA_GROUP_SYSTEM_BUS_POLICY, &keys_count, NULL);
for (i = 0; i < keys_count; i++)
{
const char *key = keys[i];
g_autofree char *value = g_key_file_get_string (metakey, FLATPAK_METADATA_GROUP_SYSTEM_BUS_POLICY, key, NULL);
FlatpakPolicy policy;
if (!flatpak_verify_dbus_name (key, error))
return FALSE;
policy = flatpak_policy_from_string (value, error);
if ((int) policy == -1)
return FALSE;
flatpak_context_set_system_bus_policy (context, key, policy);
}
}
if (g_key_file_has_group (metakey, FLATPAK_METADATA_GROUP_ENVIRONMENT))
{
g_auto(GStrv) keys = NULL;
gsize i, keys_count;
keys = g_key_file_get_keys (metakey, FLATPAK_METADATA_GROUP_ENVIRONMENT, &keys_count, NULL);
for (i = 0; i < keys_count; i++)
{
const char *key = keys[i];
g_autofree char *value = g_key_file_get_string (metakey, FLATPAK_METADATA_GROUP_ENVIRONMENT, key, NULL);
flatpak_context_set_env_var (context, key, value);
}
}
groups = g_key_file_get_groups (metakey, NULL);
for (i = 0; groups[i] != NULL; i++)
{
const char *group = groups[i];
const char *subsystem;
int j;
if (g_str_has_prefix (group, FLATPAK_METADATA_GROUP_PREFIX_POLICY))
{
g_auto(GStrv) keys = NULL;
subsystem = group + strlen (FLATPAK_METADATA_GROUP_PREFIX_POLICY);
keys = g_key_file_get_keys (metakey, group, NULL, NULL);
for (j = 0; keys != NULL && keys[j] != NULL; j++)
{
const char *key = keys[j];
g_autofree char *policy_key = g_strdup_printf ("%s.%s", subsystem, key);
g_auto(GStrv) values = NULL;
int k;
values = g_key_file_get_string_list (metakey, group, key, NULL, NULL);
for (k = 0; values != NULL && values[k] != NULL; k++)
flatpak_context_apply_generic_policy (context, policy_key,
values[k]);
}
}
}
return TRUE;
}
void
flatpak_context_save_metadata (FlatpakContext *context,
gboolean flatten,
GKeyFile *metakey)
{
g_auto(GStrv) shared = NULL;
g_auto(GStrv) sockets = NULL;
g_auto(GStrv) devices = NULL;
g_auto(GStrv) features = NULL;
GHashTableIter iter;
gpointer key, value;
FlatpakContextShares shares_mask = context->shares;
FlatpakContextShares shares_valid = context->shares_valid;
FlatpakContextSockets sockets_mask = context->sockets;
FlatpakContextSockets sockets_valid = context->sockets_valid;
FlatpakContextDevices devices_mask = context->devices;
FlatpakContextDevices devices_valid = context->devices_valid;
FlatpakContextFeatures features_mask = context->features;
FlatpakContextFeatures features_valid = context->features;
g_auto(GStrv) groups = NULL;
int i;
if (flatten)
{
/* A flattened format means we don't expect this to be merged on top of
another context. In that case we never need to negate any flags.
We calculate this by removing the zero parts of the mask from the valid set.
*/
/* First we make sure only the valid parts of the mask are set, in case we
got some leftover */
shares_mask &= shares_valid;
sockets_mask &= sockets_valid;
devices_mask &= devices_valid;
features_mask &= features_valid;
/* Then just set the valid set to be the mask set */
shares_valid = shares_mask;
sockets_valid = sockets_mask;
devices_valid = devices_mask;
features_valid = features_mask;
}
shared = flatpak_context_shared_to_string (shares_mask, shares_valid);
sockets = flatpak_context_sockets_to_string (sockets_mask, sockets_valid);
devices = flatpak_context_devices_to_string (devices_mask, devices_valid);
features = flatpak_context_features_to_string (features_mask, features_valid);
if (shared[0] != NULL)
{
g_key_file_set_string_list (metakey,
FLATPAK_METADATA_GROUP_CONTEXT,
FLATPAK_METADATA_KEY_SHARED,
(const char * const *) shared, g_strv_length (shared));
}
else
{
g_key_file_remove_key (metakey,
FLATPAK_METADATA_GROUP_CONTEXT,
FLATPAK_METADATA_KEY_SHARED,
NULL);
}
if (sockets[0] != NULL)
{
g_key_file_set_string_list (metakey,
FLATPAK_METADATA_GROUP_CONTEXT,
FLATPAK_METADATA_KEY_SOCKETS,
(const char * const *) sockets, g_strv_length (sockets));
}
else
{
g_key_file_remove_key (metakey,
FLATPAK_METADATA_GROUP_CONTEXT,
FLATPAK_METADATA_KEY_SOCKETS,
NULL);
}
if (devices[0] != NULL)
{
g_key_file_set_string_list (metakey,
FLATPAK_METADATA_GROUP_CONTEXT,
FLATPAK_METADATA_KEY_DEVICES,
(const char * const *) devices, g_strv_length (devices));
}
else
{
g_key_file_remove_key (metakey,
FLATPAK_METADATA_GROUP_CONTEXT,
FLATPAK_METADATA_KEY_DEVICES,
NULL);
}
if (features[0] != NULL)
{
g_key_file_set_string_list (metakey,
FLATPAK_METADATA_GROUP_CONTEXT,
FLATPAK_METADATA_KEY_FEATURES,
(const char * const *) features, g_strv_length (features));
}
else
{
g_key_file_remove_key (metakey,
FLATPAK_METADATA_GROUP_CONTEXT,
FLATPAK_METADATA_KEY_FEATURES,
NULL);
}
if (g_hash_table_size (context->filesystems) > 0)
{
g_autoptr(GPtrArray) array = g_ptr_array_new_with_free_func (g_free);
g_hash_table_iter_init (&iter, context->filesystems);
while (g_hash_table_iter_next (&iter, &key, &value))
{
FlatpakFilesystemMode mode = GPOINTER_TO_INT (value);
if (mode == FLATPAK_FILESYSTEM_MODE_READ_ONLY)
g_ptr_array_add (array, g_strconcat (key, ":ro", NULL));
else if (mode == FLATPAK_FILESYSTEM_MODE_CREATE)
g_ptr_array_add (array, g_strconcat (key, ":create", NULL));
else if (value != NULL)
g_ptr_array_add (array, g_strdup (key));
}
g_key_file_set_string_list (metakey,
FLATPAK_METADATA_GROUP_CONTEXT,
FLATPAK_METADATA_KEY_FILESYSTEMS,
(const char * const *) array->pdata, array->len);
}
else
{
g_key_file_remove_key (metakey,
FLATPAK_METADATA_GROUP_CONTEXT,
FLATPAK_METADATA_KEY_FILESYSTEMS,
NULL);
}
if (g_hash_table_size (context->persistent) > 0)
{
g_autofree char **keys = (char **) g_hash_table_get_keys_as_array (context->persistent, NULL);
g_key_file_set_string_list (metakey,
FLATPAK_METADATA_GROUP_CONTEXT,
FLATPAK_METADATA_KEY_PERSISTENT,
(const char * const *) keys, g_strv_length (keys));
}
else
{
g_key_file_remove_key (metakey,
FLATPAK_METADATA_GROUP_CONTEXT,
FLATPAK_METADATA_KEY_PERSISTENT,
NULL);
}
g_key_file_remove_group (metakey, FLATPAK_METADATA_GROUP_SESSION_BUS_POLICY, NULL);
g_hash_table_iter_init (&iter, context->session_bus_policy);
while (g_hash_table_iter_next (&iter, &key, &value))
{
FlatpakPolicy policy = GPOINTER_TO_INT (value);
if (policy > 0)
g_key_file_set_string (metakey,
FLATPAK_METADATA_GROUP_SESSION_BUS_POLICY,
(char *) key, flatpak_policy_to_string (policy));
}
g_key_file_remove_group (metakey, FLATPAK_METADATA_GROUP_SYSTEM_BUS_POLICY, NULL);
g_hash_table_iter_init (&iter, context->system_bus_policy);
while (g_hash_table_iter_next (&iter, &key, &value))
{
FlatpakPolicy policy = GPOINTER_TO_INT (value);
if (policy > 0)
g_key_file_set_string (metakey,
FLATPAK_METADATA_GROUP_SYSTEM_BUS_POLICY,
(char *) key, flatpak_policy_to_string (policy));
}
g_key_file_remove_group (metakey, FLATPAK_METADATA_GROUP_ENVIRONMENT, NULL);
g_hash_table_iter_init (&iter, context->env_vars);
while (g_hash_table_iter_next (&iter, &key, &value))
{
g_key_file_set_string (metakey,
FLATPAK_METADATA_GROUP_ENVIRONMENT,
(char *) key, (char *) value);
}
groups = g_key_file_get_groups (metakey, NULL);
for (i = 0; groups[i] != NULL; i++)
{
const char *group = groups[i];
if (g_str_has_prefix (group, FLATPAK_METADATA_GROUP_PREFIX_POLICY))
g_key_file_remove_group (metakey, group, NULL);
}
g_hash_table_iter_init (&iter, context->generic_policy);
while (g_hash_table_iter_next (&iter, &key, &value))
{
g_auto(GStrv) parts = g_strsplit ((const char *)key, ".", 2);
g_autofree char *group = NULL;
g_assert (parts[1] != NULL);
const char **policy_values = (const char **)value;
g_autoptr(GPtrArray) new = g_ptr_array_new ();
for (i = 0; policy_values[i] != NULL; i++)
{
const char *policy_value = policy_values[i];
if (!flatten || policy_value[0] != '!')
g_ptr_array_add (new, (char *)policy_value);
}
if (new->len > 0)
{
group = g_strconcat (FLATPAK_METADATA_GROUP_PREFIX_POLICY,
parts[0], NULL);
g_key_file_set_string_list (metakey, group, parts[1],
(const char * const*)new->pdata,
new->len);
}
}
}
void
flatpak_context_allow_host_fs (FlatpakContext *context)
{
flatpak_context_add_filesystem (context, "host");
}
gboolean
flatpak_context_get_needs_session_bus_proxy (FlatpakContext *context)
{
return g_hash_table_size (context->session_bus_policy) > 0;
}
gboolean
flatpak_context_get_needs_system_bus_proxy (FlatpakContext *context)
{
return g_hash_table_size (context->system_bus_policy) > 0;
}
void
flatpak_context_to_args (FlatpakContext *context,
GPtrArray *args)
{
GHashTableIter iter;
gpointer key, value;
flatpak_context_shared_to_args (context->shares, context->shares_valid, args);
flatpak_context_sockets_to_args (context->sockets, context->sockets_valid, args);
flatpak_context_devices_to_args (context->devices, context->devices_valid, args);
flatpak_context_features_to_args (context->features, context->features_valid, args);
g_hash_table_iter_init (&iter, context->env_vars);
while (g_hash_table_iter_next (&iter, &key, &value))
g_ptr_array_add (args, g_strdup_printf ("--env=%s=%s", (char *)key, (char *)value));
g_hash_table_iter_init (&iter, context->persistent);
while (g_hash_table_iter_next (&iter, &key, &value))
g_ptr_array_add (args, g_strdup_printf ("--persist=%s", (char *)key));
g_hash_table_iter_init (&iter, context->session_bus_policy);
while (g_hash_table_iter_next (&iter, &key, &value))
{
const char *name = key;
FlatpakPolicy policy = GPOINTER_TO_INT (value);
g_ptr_array_add (args, g_strdup_printf ("--%s-name=%s", flatpak_policy_to_string (policy), name));
}
g_hash_table_iter_init (&iter, context->system_bus_policy);
while (g_hash_table_iter_next (&iter, &key, &value))
{
const char *name = key;
FlatpakPolicy policy = GPOINTER_TO_INT (value);
g_ptr_array_add (args, g_strdup_printf ("--system-%s-name=%s", flatpak_policy_to_string (policy), name));
}
g_hash_table_iter_init (&iter, context->filesystems);
while (g_hash_table_iter_next (&iter, &key, &value))
{
FlatpakFilesystemMode mode = GPOINTER_TO_INT (value);
if (mode == FLATPAK_FILESYSTEM_MODE_READ_ONLY)
g_ptr_array_add (args, g_strdup_printf ("--filesystem=%s:ro", (char *)key));
else if (mode == FLATPAK_FILESYSTEM_MODE_READ_WRITE)
g_ptr_array_add (args, g_strdup_printf ("--filesystem=%s", (char *)key));
else if (mode == FLATPAK_FILESYSTEM_MODE_CREATE)
g_ptr_array_add (args, g_strdup_printf ("--filesystem=%s:create", (char *)key));
else
g_ptr_array_add (args, g_strdup_printf ("--nofilesystem=%s", (char *)key));
}
}
static char *
extract_unix_path_from_dbus_address (const char *address)
{
const char *path, *path_end;
if (address == NULL)
return NULL;
if (!g_str_has_prefix (address, "unix:"))
return NULL;
path = strstr (address, "path=");
if (path == NULL)
return NULL;
path += strlen ("path=");
path_end = path;
while (*path_end != 0 && *path_end != ',')
path_end++;
return g_strndup (path, path_end - path);
}
#ifdef ENABLE_XAUTH
static gboolean
auth_streq (char *str,
char *au_str,
int au_len)
{
return au_len == strlen (str) && memcmp (str, au_str, au_len) == 0;
}
static gboolean
xauth_entry_should_propagate (Xauth *xa,
char *hostname,
char *number)
{
/* ensure entry isn't for remote access */
if (xa->family != FamilyLocal && xa->family != FamilyWild)
return FALSE;
/* ensure entry is for this machine */
if (xa->family == FamilyLocal && !auth_streq (hostname, xa->address, xa->address_length))
return FALSE;
/* ensure entry is for this session */
if (xa->number != NULL && !auth_streq (number, xa->number, xa->number_length))
return FALSE;
return TRUE;
}
static void
write_xauth (char *number, FILE *output)
{
Xauth *xa, local_xa;
char *filename;
FILE *f;
struct utsname unames;
if (uname (&unames))
{
g_warning ("uname failed");
return;
}
filename = XauFileName ();
f = fopen (filename, "rb");
if (f == NULL)
return;
while (TRUE)
{
xa = XauReadAuth (f);
if (xa == NULL)
break;
if (xauth_entry_should_propagate (xa, unames.nodename, number))
{
local_xa = *xa;
if (local_xa.number)
{
local_xa.number = "99";
local_xa.number_length = 2;
}
if (!XauWriteAuth (output, &local_xa))
g_warning ("xauth write error");
}
XauDisposeAuth (xa);
}
fclose (f);
}
#endif /* ENABLE_XAUTH */
static void
add_args (GPtrArray *argv_array, ...)
{
va_list args;
const gchar *arg;
va_start (args, argv_array);
while ((arg = va_arg (args, const gchar *)))
g_ptr_array_add (argv_array, g_strdup (arg));
va_end (args);
}
static int
create_tmp_fd (const char *contents,
gssize length,
GError **error)
{
char template[] = "/tmp/tmp_fd_XXXXXX";
int fd;
if (length < 0)
length = strlen (contents);
fd = g_mkstemp (template);
if (fd < 0)
{
g_set_error_literal (error, G_IO_ERROR, g_io_error_from_errno (errno),
_("Failed to create temporary file"));
return -1;
}
if (unlink (template) != 0)
{
g_set_error_literal (error, G_IO_ERROR, g_io_error_from_errno (errno),
_("Failed to unlink temporary file"));
close (fd);
return -1;
}
while (length > 0)
{
gssize s;
s = write (fd, contents, length);
if (s < 0)
{
int saved_errno = errno;
if (saved_errno == EINTR)
continue;
g_set_error_literal (error, G_IO_ERROR, g_io_error_from_errno (saved_errno),
_("Failed to write to temporary file"));
close (fd);
return -1;
}
g_assert (s <= length);
contents += s;
length -= s;
}
lseek (fd, 0, SEEK_SET);
return fd;
}
static void
flatpak_run_add_x11_args (GPtrArray *argv_array,
GArray *fd_array,
char ***envp_p,
gboolean allowed)
{
g_autofree char *x11_socket = NULL;
const char *display;
/* Always cover /tmp/.X11-unix, that way we never see the host one in case
* we have access to the host /tmp. If you request X access we'll put the right
* thing in this anyway.
*/
add_args (argv_array,
"--tmpfs", "/tmp/.X11-unix",
NULL);
if (!allowed)
{
*envp_p = g_environ_unsetenv (*envp_p, "DISPLAY");
return;
}
g_debug ("Allowing x11 access");
display = g_getenv ("DISPLAY");
if (display && display[0] == ':' && g_ascii_isdigit (display[1]))
{
const char *display_nr = &display[1];
const char *display_nr_end = display_nr;
g_autofree char *d = NULL;
g_autofree char *tmp_path = NULL;
while (g_ascii_isdigit (*display_nr_end))
display_nr_end++;
d = g_strndup (display_nr, display_nr_end - display_nr);
x11_socket = g_strdup_printf ("/tmp/.X11-unix/X%s", d);
add_args (argv_array,
"--bind", x11_socket, "/tmp/.X11-unix/X99",
NULL);
*envp_p = g_environ_setenv (*envp_p, "DISPLAY", ":99.0", TRUE);
#ifdef ENABLE_XAUTH
int fd;
fd = g_file_open_tmp ("flatpak-xauth-XXXXXX", &tmp_path, NULL);
if (fd >= 0)
{
FILE *output = fdopen (fd, "wb");
if (output != NULL)
{
int tmp_fd = dup (fd);
if (tmp_fd != -1)
{
g_autofree char *tmp_fd_str = g_strdup_printf ("%d", tmp_fd);
g_autofree char *dest = g_strdup_printf ("/run/user/%d/Xauthority", getuid ());
write_xauth (d, output);
add_args (argv_array,
"--bind-data", tmp_fd_str, dest,
NULL);
if (fd_array)
g_array_append_val (fd_array, tmp_fd);
*envp_p = g_environ_setenv (*envp_p, "XAUTHORITY", dest, TRUE);
}
fclose (output);
unlink (tmp_path);
if (tmp_fd != -1)
lseek (tmp_fd, 0, SEEK_SET);
}
else
{
close (fd);
}
}
#endif
}
else
{
*envp_p = g_environ_unsetenv (*envp_p, "DISPLAY");
}
}
static void
flatpak_run_add_wayland_args (GPtrArray *argv_array,
char ***envp_p)
{
g_autofree char *wayland_socket = g_build_filename (g_get_user_runtime_dir (), "wayland-0", NULL);
g_autofree char *sandbox_wayland_socket = g_strdup_printf ("/run/user/%d/wayland-0", getuid ());
if (g_file_test (wayland_socket, G_FILE_TEST_EXISTS))
{
add_args (argv_array,
"--bind", wayland_socket, sandbox_wayland_socket,
NULL);
}
}
static void
flatpak_run_add_pulseaudio_args (GPtrArray *argv_array,
GArray *fd_array,
char ***envp_p)
{
g_autofree char *pulseaudio_socket = g_build_filename (g_get_user_runtime_dir (), "pulse/native", NULL);
*envp_p = g_environ_unsetenv (*envp_p, "PULSE_SERVER");
if (g_file_test (pulseaudio_socket, G_FILE_TEST_EXISTS))
{
gboolean share_shm = FALSE; /* TODO: When do we add this? */
g_autofree char *client_config = g_strdup_printf ("enable-shm=%s\n", share_shm ? "yes" : "no");
g_autofree char *sandbox_socket_path = g_strdup_printf ("/run/user/%d/pulse/native", getuid ());
g_autofree char *pulse_server = g_strdup_printf ("unix:/run/user/%d/pulse/native", getuid ());
g_autofree char *config_path = g_strdup_printf ("/run/user/%d/pulse/config", getuid ());
int fd;
g_autofree char *fd_str = NULL;
fd = create_tmp_fd (client_config, -1, NULL);
if (fd == -1)
return;
fd_str = g_strdup_printf ("%d", fd);
if (fd_array)
g_array_append_val (fd_array, fd);
add_args (argv_array,
"--bind", pulseaudio_socket, sandbox_socket_path,
"--bind-data", fd_str, config_path,
NULL);
*envp_p = g_environ_setenv (*envp_p, "PULSE_SERVER", pulse_server, TRUE);
*envp_p = g_environ_setenv (*envp_p, "PULSE_CLIENTCONFIG", config_path, TRUE);
}
}
static void
flatpak_run_add_journal_args (GPtrArray *argv_array)
{
g_autofree char *journal_socket_socket = g_strdup ("/run/systemd/journal/socket");
g_autofree char *journal_stdout_socket = g_strdup ("/run/systemd/journal/stdout");
if (g_file_test (journal_socket_socket, G_FILE_TEST_EXISTS))
{
add_args (argv_array,
"--bind", journal_socket_socket, journal_socket_socket,
NULL);
}
if (g_file_test (journal_stdout_socket, G_FILE_TEST_EXISTS))
{
add_args (argv_array,
"--bind", journal_stdout_socket, journal_stdout_socket,
NULL);
}
}
static char *
create_proxy_socket (char *template)
{
g_autofree char *proxy_socket_dir = g_build_filename (g_get_user_runtime_dir (), ".dbus-proxy", NULL);
g_autofree char *proxy_socket = g_build_filename (proxy_socket_dir, template, NULL);
int fd;
if (!glnx_shutil_mkdir_p_at (AT_FDCWD, proxy_socket_dir, 0755, NULL, NULL))
return NULL;
fd = g_mkstemp (proxy_socket);
if (fd == -1)
return NULL;
close (fd);
return g_steal_pointer (&proxy_socket);
}
static gboolean
flatpak_run_add_system_dbus_args (FlatpakContext *context,
char ***envp_p,
GPtrArray *argv_array,
GPtrArray *dbus_proxy_argv,
gboolean unrestricted)
{
const char *dbus_address = g_getenv ("DBUS_SYSTEM_BUS_ADDRESS");
g_autofree char *real_dbus_address = NULL;
g_autofree char *dbus_system_socket = NULL;
if (dbus_address != NULL)
dbus_system_socket = extract_unix_path_from_dbus_address (dbus_address);
else if (g_file_test ("/var/run/dbus/system_bus_socket", G_FILE_TEST_EXISTS))
dbus_system_socket = g_strdup ("/var/run/dbus/system_bus_socket");
if (dbus_system_socket != NULL && unrestricted)
{
add_args (argv_array,
"--bind", dbus_system_socket, "/run/dbus/system_bus_socket",
NULL);
*envp_p = g_environ_setenv (*envp_p, "DBUS_SYSTEM_BUS_ADDRESS", "unix:path=/run/dbus/system_bus_socket", TRUE);
return TRUE;
}
else if (dbus_proxy_argv &&
g_hash_table_size (context->system_bus_policy) > 0)
{
g_autofree char *proxy_socket = create_proxy_socket ("system-bus-proxy-XXXXXX");
if (proxy_socket == NULL)
return FALSE;
if (dbus_address)
real_dbus_address = g_strdup (dbus_address);
else
real_dbus_address = g_strdup_printf ("unix:path=%s", dbus_system_socket);
g_ptr_array_add (dbus_proxy_argv, g_strdup (real_dbus_address));
g_ptr_array_add (dbus_proxy_argv, g_strdup (proxy_socket));
add_args (argv_array,
"--bind", proxy_socket, "/run/dbus/system_bus_socket",
NULL);
*envp_p = g_environ_setenv (*envp_p, "DBUS_SYSTEM_BUS_ADDRESS", "unix:path=/run/dbus/system_bus_socket", TRUE);
return TRUE;
}
return FALSE;
}
static gboolean
flatpak_run_add_session_dbus_args (GPtrArray *argv_array,
char ***envp_p,
GPtrArray *dbus_proxy_argv,
gboolean unrestricted)
{
const char *dbus_address = g_getenv ("DBUS_SESSION_BUS_ADDRESS");
char *dbus_session_socket = NULL;
g_autofree char *sandbox_socket_path = g_strdup_printf ("/run/user/%d/bus", getuid ());
g_autofree char *sandbox_dbus_address = g_strdup_printf ("unix:path=/run/user/%d/bus", getuid ());
if (dbus_address == NULL)
return FALSE;
dbus_session_socket = extract_unix_path_from_dbus_address (dbus_address);
if (dbus_session_socket != NULL && unrestricted)
{
add_args (argv_array,
"--bind", dbus_session_socket, sandbox_socket_path,
NULL);
*envp_p = g_environ_setenv (*envp_p, "DBUS_SESSION_BUS_ADDRESS", sandbox_dbus_address, TRUE);
return TRUE;
}
else if (dbus_proxy_argv && dbus_address != NULL)
{
g_autofree char *proxy_socket = create_proxy_socket ("session-bus-proxy-XXXXXX");
if (proxy_socket == NULL)
return FALSE;
g_ptr_array_add (dbus_proxy_argv, g_strdup (dbus_address));
g_ptr_array_add (dbus_proxy_argv, g_strdup (proxy_socket));
add_args (argv_array,
"--bind", proxy_socket, sandbox_socket_path,
NULL);
*envp_p = g_environ_setenv (*envp_p, "DBUS_SESSION_BUS_ADDRESS", sandbox_dbus_address, TRUE);
return TRUE;
}
return FALSE;
}
static void
flatpak_add_bus_filters (GPtrArray *dbus_proxy_argv,
GHashTable *ht,
const char *app_id,
FlatpakContext *context)
{
GHashTableIter iter;
gpointer key, value;
g_ptr_array_add (dbus_proxy_argv, g_strdup ("--filter"));
if (app_id)
{
g_ptr_array_add (dbus_proxy_argv, g_strdup_printf ("--own=%s", app_id));
g_ptr_array_add (dbus_proxy_argv, g_strdup_printf ("--own=%s.*", app_id));
}
g_hash_table_iter_init (&iter, ht);
while (g_hash_table_iter_next (&iter, &key, &value))
{
FlatpakPolicy policy = GPOINTER_TO_INT (value);
if (policy > 0)
g_ptr_array_add (dbus_proxy_argv, g_strdup_printf ("--%s=%s", flatpak_policy_to_string (policy), (char *) key));
}
}
gboolean
flatpak_run_add_extension_args (GPtrArray *argv_array,
char ***envp_p,
GKeyFile *metakey,
const char *full_ref,
GCancellable *cancellable,
GError **error)
{
g_auto(GStrv) parts = NULL;
gboolean is_app;
GList *extensions, *l;
g_autoptr(GHashTable) mounted_tmpfs =
g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL);
g_autoptr(GHashTable) created_symlink =
g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL);
parts = g_strsplit (full_ref, "/", 0);
if (g_strv_length (parts) != 4)
return flatpak_fail (error, "Failed to determine parts from ref: %s", full_ref);
is_app = strcmp (parts[0], "app") == 0;
extensions = flatpak_list_extensions (metakey,
parts[2], parts[3]);
for (l = extensions; l != NULL; l = l->next)
{
FlatpakExtension *ext = l->data;
g_autofree char *directory = g_build_filename (is_app ? "/app" : "/usr", ext->directory, NULL);
g_autofree char *full_directory = g_build_filename (directory, ext->subdir_suffix, NULL);
g_autofree char *ref = g_build_filename (full_directory, ".ref", NULL);
g_autofree char *real_ref = g_build_filename (ext->files_path, ext->directory, ".ref", NULL);
int i;
if (ext->needs_tmpfs)
{
g_autofree char *parent = g_path_get_dirname (directory);
if (g_hash_table_lookup (mounted_tmpfs, parent) == NULL)
{
add_args (argv_array,
"--tmpfs", parent,
NULL);
g_hash_table_insert (mounted_tmpfs, g_steal_pointer (&parent), "mounted");
}
}
add_args (argv_array,
"--ro-bind", ext->files_path, full_directory,
NULL);
if (g_file_test (real_ref, G_FILE_TEST_EXISTS))
add_args (argv_array,
"--lock-file", ref,
NULL);
if (ext->add_ld_path)
{
g_autofree char *ld_path = g_build_filename (full_directory, ext->add_ld_path, NULL);
const gchar *old_ld_path = g_environ_getenv (*envp_p, "LD_LIBRARY_PATH");
g_autofree char *new_ld_path = NULL;
if (old_ld_path != NULL)
new_ld_path = g_strconcat (old_ld_path, ":", ld_path, NULL);
else
new_ld_path = g_strdup (new_ld_path);
*envp_p = g_environ_setenv (*envp_p, "LD_LIBRARY_PATH", new_ld_path , TRUE);
}
for (i = 0; ext->merge_dirs != NULL && ext->merge_dirs[i] != NULL; i++)
{
g_autofree char *parent = g_path_get_dirname (directory);
g_autofree char *merge_dir = g_build_filename (parent, ext->merge_dirs[i], NULL);
g_autofree char *source_dir = g_build_filename (ext->files_path, ext->merge_dirs[i], NULL);
g_auto(GLnxDirFdIterator) source_iter = { 0 };
struct dirent *dent;
if (glnx_dirfd_iterator_init_at (AT_FDCWD, source_dir, TRUE, &source_iter, NULL))
{
while (glnx_dirfd_iterator_next_dent (&source_iter, &dent, NULL, NULL) && dent != NULL)
{
g_autofree char *symlink_path = g_build_filename (merge_dir, dent->d_name, NULL);
/* Only create the first, because extensions are listed in prio order */
if (g_hash_table_lookup (created_symlink, symlink_path) == NULL)
{
g_autofree char *symlink = g_build_filename (directory, ext->merge_dirs[i], dent->d_name, NULL);
add_args (argv_array,
"--symlink", symlink, symlink_path,
NULL);
g_hash_table_insert (created_symlink, g_steal_pointer (&symlink_path), "created");
}
}
}
}
}
g_list_free_full (extensions, (GDestroyNotify) flatpak_extension_free);
return TRUE;
}
static char *
make_relative (const char *base, const char *path)
{
GString *s = g_string_new ("");
while (*base != 0)
{
while (*base == '/')
base++;
if (*base != 0)
g_string_append (s, "../");
while (*base != '/' && *base != 0)
base++;
}
while (*path == '/')
path++;
g_string_append (s, path);
return g_string_free (s, FALSE);
}
#define FAKE_MODE_HIDDEN 0
#define FAKE_MODE_SYMLINK G_MAXINT
typedef struct {
char *path;
int level;
guint mode;
} ExportedPath;
static gboolean
path_is_visible (const char **keys,
guint n_keys,
GHashTable *hash_table,
const char *path)
{
guint i;
gboolean is_visible = FALSE;
/* The keys are sorted so shorter (i.e. parents) are first */
for (i = 0; i < n_keys; i++)
{
const char *mounted_path = keys[i];
ExportedPath *ep = g_hash_table_lookup (hash_table, mounted_path);
if (flatpak_has_path_prefix (path, mounted_path))
{
if (ep->mode == FAKE_MODE_HIDDEN)
is_visible = FALSE;
else if (ep->mode != FAKE_MODE_SYMLINK)
is_visible = TRUE;
}
}
return is_visible;
}
static gint
compare_eps (const ExportedPath *a,
const ExportedPath *b)
{
if (a->level == b->level)
return g_strcmp0 (a->path, b->path);
else
return b->level - a->level;
}
static void
add_file_args (GPtrArray *argv_array,
GHashTable *hash_table)
{
guint n_keys;
g_autofree const char **keys = (const char **)g_hash_table_get_keys_as_array (hash_table, &n_keys);
g_autoptr(GList) eps = NULL;
GList *l;
eps = g_hash_table_get_values (hash_table);
eps = g_list_sort (eps, (GCompareFunc)compare_eps);
g_qsort_with_data (keys, n_keys, sizeof (char *), (GCompareDataFunc) flatpak_strcmp0_ptr, NULL);
for (l = eps; l != NULL; l = l->next)
{
ExportedPath *ep = l->data;
const char *path = ep->path;
if (ep->mode == FAKE_MODE_SYMLINK)
{
if (!path_is_visible (keys, n_keys, hash_table, path))
{
g_autofree char *resolved = flatpak_resolve_link (path, NULL);
if (resolved)
{
g_autofree char *parent = g_path_get_dirname (path);
g_autofree char *relative = make_relative (parent, resolved);
add_args (argv_array, "--symlink", relative, path, NULL);
}
}
}
else if (ep->mode == FAKE_MODE_HIDDEN)
{
/* Mount a tmpfs to hide the subdirectory, but only if
either its not visible (then we can always create the
dir on the tmpfs, or if there is a pre-existing dir
we can mount the path on. */
if (!path_is_visible (keys, n_keys, hash_table, path) ||
g_file_test (path, G_FILE_TEST_IS_DIR))
add_args (argv_array, "--tmpfs", path, NULL);
}
else
{
add_args (argv_array,
(ep->mode == FLATPAK_FILESYSTEM_MODE_READ_ONLY) ? "--ro-bind" : "--bind",
path, path, NULL);
}
}
}
static void
add_hide_path (GHashTable *hash_table,
const char *path)
{
guint old_mode;
ExportedPath *ep = g_new0 (ExportedPath, 1);
ExportedPath *old_ep;
old_ep = g_hash_table_lookup (hash_table, path);
if (old_ep)
old_mode = old_ep->mode;
else
old_mode = 0;
ep->path = g_strdup (path);
ep->level = 0;
ep->mode = MAX (old_mode, FAKE_MODE_HIDDEN);
g_hash_table_insert (hash_table, ep->path, ep);
}
/* We use the level to make sure we get the ordering somewhat right.
* For instance if /symlink -> /z_dir is exported, then we want to create
* /z_dir before /symlink, because otherwise an export like /symlink/foo
* will fail. The approach we use is to just bump the sort prio based on the
* symlink resolve depth. This it not perfect, but gets the common situation
* such as --filesystem=/link --filesystem=/link/dir right.
*/
static gboolean
_add_expose_path (GHashTable *hash_table,
FlatpakFilesystemMode mode,
const char *path,
int level)
{
g_autofree char *canonical = flatpak_canonicalize_filename (path);
struct stat st;
int i;
if (!g_path_is_absolute (path))
{
g_debug ("Not exposing relative path %s", path);
return FALSE;
}
for (i = 0; dont_export_in[i] != NULL; i++)
{
/* Don't expose files in non-mounted dirs like /app or /usr, as
they are not the same as on the host, and we generally can't
create the parents for them anyway */
if (g_str_has_prefix (canonical, dont_export_in[i]))
{
g_debug ("skipping export for path %s", canonical);
return FALSE;
}
}
if (lstat (path, &st) != 0)
return FALSE;
if (S_ISDIR (st.st_mode) ||
S_ISREG (st.st_mode) ||
S_ISLNK (st.st_mode) ||
S_ISSOCK (st.st_mode))
{
ExportedPath *old_ep = g_hash_table_lookup (hash_table, path);
guint old_mode = 0;
if (old_ep != NULL)
old_mode = old_ep->mode;
if (S_ISLNK (st.st_mode))
{
g_autofree char *resolved = flatpak_resolve_link (path, NULL);
if (resolved && _add_expose_path (hash_table, mode, resolved, level + 1))
mode = FAKE_MODE_SYMLINK;
else
mode = 0;
}
if (mode > 0)
{
ExportedPath *ep = g_new0 (ExportedPath, 1);
ep->path = g_strdup (path);
ep->mode = MAX (old_mode, mode);
ep->level = level;
g_hash_table_insert (hash_table, ep->path, ep);
return TRUE;
}
}
return FALSE;
}
static gboolean
add_expose_path (GHashTable *hash_table,
FlatpakFilesystemMode mode,
const char *path)
{
return _add_expose_path (hash_table, mode, path, 0);
}
gboolean
flatpak_run_add_environment_args (GPtrArray *argv_array,
GArray *fd_array,
char ***envp_p,
const char *app_info_path,
FlatpakRunFlags flags,
const char *app_id,
FlatpakContext *context,
GFile *app_id_dir,
GCancellable *cancellable,
GError **error)
{
GHashTableIter iter;
gpointer key, value;
gboolean unrestricted_session_bus;
gboolean unrestricted_system_bus;
gboolean home_access = FALSE;
GString *xdg_dirs_conf = NULL;
g_autoptr(GError) my_error = NULL;
FlatpakFilesystemMode fs_mode, home_mode;
g_autoptr(GFile) user_flatpak_dir = NULL;
g_autoptr(GHashTable) fs_paths = g_hash_table_new_full (g_str_hash, g_str_equal, NULL, g_free);
g_autoptr(GPtrArray) session_bus_proxy_argv = NULL;
g_autoptr(GPtrArray) system_bus_proxy_argv = NULL;
int sync_fds[2] = {-1, -1};
if ((flags & FLATPAK_RUN_FLAG_NO_SESSION_BUS_PROXY) == 0)
session_bus_proxy_argv = g_ptr_array_new_with_free_func (g_free);
if ((flags & FLATPAK_RUN_FLAG_NO_SYSTEM_BUS_PROXY) == 0)
system_bus_proxy_argv = g_ptr_array_new_with_free_func (g_free);
if ((context->shares & FLATPAK_CONTEXT_SHARED_IPC) == 0)
{
g_debug ("Disallowing ipc access");
add_args (argv_array, "--unshare-ipc", NULL);
}
if ((context->shares & FLATPAK_CONTEXT_SHARED_NETWORK) == 0)
{
g_debug ("Disallowing network access");
add_args (argv_array, "--unshare-net", NULL);
}
if (context->devices & FLATPAK_CONTEXT_DEVICE_ALL)
{
add_args (argv_array,
"--dev-bind", "/dev", "/dev",
NULL);
}
else
{
add_args (argv_array,
"--dev", "/dev",
NULL);
if (context->devices & FLATPAK_CONTEXT_DEVICE_DRI)
{
g_debug ("Allowing dri access");
int i;
char *dri_devices[] = {
"/dev/dri",
/* mali */
"/dev/mali",
"/dev/umplock",
/* nvidia */
"/dev/nvidiactl",
"/dev/nvidia0",
"/dev/nvidia-modeset",
};
for (i = 0; i < G_N_ELEMENTS(dri_devices); i++)
{
if (g_file_test (dri_devices[i], G_FILE_TEST_EXISTS))
add_args (argv_array, "--dev-bind", dri_devices[i], dri_devices[i], NULL);
}
}
if (context->devices & FLATPAK_CONTEXT_DEVICE_KVM)
{
g_debug ("Allowing kvm access");
if (g_file_test ("/dev/kvm", G_FILE_TEST_EXISTS))
add_args (argv_array, "--dev-bind", "/dev/kvm", "/dev/kvm", NULL);
}
}
fs_mode = (FlatpakFilesystemMode) g_hash_table_lookup (context->filesystems, "host");
if (fs_mode != 0)
{
DIR *dir;
struct dirent *dirent;
g_debug ("Allowing host-fs access");
home_access = TRUE;
/* Bind mount most dirs in / into the new root */
dir = opendir ("/");
if (dir != NULL)
{
while ((dirent = readdir (dir)))
{
g_autofree char *path = NULL;
if (g_strv_contains (dont_mount_in_root, dirent->d_name))
continue;
path = g_build_filename ("/", dirent->d_name, NULL);
add_expose_path (fs_paths, fs_mode, path);
}
closedir (dir);
}
add_expose_path (fs_paths, fs_mode, "/run/media");
}
home_mode = (FlatpakFilesystemMode) g_hash_table_lookup (context->filesystems, "home");
if (home_mode != 0)
{
g_debug ("Allowing homedir access");
home_access = TRUE;
add_expose_path (fs_paths, MAX (home_mode, fs_mode), g_get_home_dir ());
}
if (!home_access)
{
/* Enable persistent mapping only if no access to real home dir */
g_hash_table_iter_init (&iter, context->persistent);
while (g_hash_table_iter_next (&iter, &key, NULL))
{
const char *persist = key;
g_autofree char *src = g_build_filename (g_get_home_dir (), ".var/app", app_id, persist, NULL);
g_autofree char *dest = g_build_filename (g_get_home_dir (), persist, NULL);
g_mkdir_with_parents (src, 0755);
add_args (argv_array,
"--bind", src, dest,
NULL);
}
}
{
g_autofree char *run_user_app_dst = g_strdup_printf ("/run/user/%d/app/%s", getuid (), app_id);
g_autofree char *run_user_app_src = g_build_filename (g_get_user_runtime_dir (), "app", app_id, NULL);
if (glnx_shutil_mkdir_p_at (AT_FDCWD,
run_user_app_src,
0700,
NULL,
NULL))
add_args (argv_array,
"--bind", run_user_app_src, run_user_app_dst,
NULL);
}
g_hash_table_iter_init (&iter, context->filesystems);
while (g_hash_table_iter_next (&iter, &key, &value))
{
const char *filesystem = key;
FlatpakFilesystemMode mode = GPOINTER_TO_INT (value);
if (value == NULL ||
strcmp (filesystem, "host") == 0 ||
strcmp (filesystem, "home") == 0)
continue;
if (g_str_has_prefix (filesystem, "xdg-"))
{
const char *path, *rest = NULL;
const char *config_key = NULL;
g_autofree char *subpath = NULL;
if (!get_xdg_user_dir_from_string (filesystem, &config_key, &rest, &path))
{
g_warning ("Unsupported xdg dir %s\n", filesystem);
continue;
}
if (path == NULL)
continue; /* Unconfigured, ignore */
if (strcmp (path, g_get_home_dir ()) == 0)
{
/* xdg-user-dirs sets disabled dirs to $HOME, and its in general not a good
idea to set full access to $HOME other than explicitly, so we ignore
these */
g_debug ("Xdg dir %s is $HOME (i.e. disabled), ignoring\n", filesystem);
continue;
}
subpath = g_build_filename (path, rest, NULL);
if (mode == FLATPAK_FILESYSTEM_MODE_CREATE)
g_mkdir_with_parents (subpath, 0755);
if (g_file_test (subpath, G_FILE_TEST_EXISTS))
{
if (xdg_dirs_conf == NULL)
xdg_dirs_conf = g_string_new ("");
if (config_key)
g_string_append_printf (xdg_dirs_conf, "%s=\"%s\"\n",
config_key, path);
add_expose_path (fs_paths, mode, subpath);
}
}
else if (g_str_has_prefix (filesystem, "~/"))
{
g_autofree char *path = NULL;
path = g_build_filename (g_get_home_dir (), filesystem + 2, NULL);
if (mode == FLATPAK_FILESYSTEM_MODE_CREATE)
g_mkdir_with_parents (path, 0755);
if (g_file_test (path, G_FILE_TEST_EXISTS))
add_expose_path (fs_paths, mode, path);
}
else if (g_str_has_prefix (filesystem, "/"))
{
if (mode == FLATPAK_FILESYSTEM_MODE_CREATE)
g_mkdir_with_parents (filesystem, 0755);
if (g_file_test (filesystem, G_FILE_TEST_EXISTS))
add_expose_path (fs_paths, mode, filesystem);
}
else
{
g_warning ("Unexpected filesystem arg %s\n", filesystem);
}
}
if (app_id_dir)
{
g_autoptr(GFile) apps_dir = g_file_get_parent (app_id_dir);
/* Hide the .var/app dir by default (unless explicitly made visible) */
add_hide_path (fs_paths, flatpak_file_get_path_cached (apps_dir));
/* But let the app write to the per-app dir in it */
add_expose_path (fs_paths, FLATPAK_FILESYSTEM_MODE_READ_WRITE,
flatpak_file_get_path_cached (app_id_dir));
}
/* Hide the flatpak dir by default (unless explicitly made visible) */
user_flatpak_dir = flatpak_get_user_base_dir_location ();
add_hide_path (fs_paths, flatpak_file_get_path_cached (user_flatpak_dir));
/* This actually outputs the args for the hide/expose operations above */
add_file_args (argv_array, fs_paths);
/* Ensure we always have a homedir */
add_args (argv_array,
"--dir", g_get_home_dir (),
NULL);
/* Special case subdirectories of the cache, config and data xdg dirs.
* If these are accessible explicilty, in a read-write fashion, then
* we bind-mount these in the app-id dir. This allows applications to
* explicitly opt out of keeping some config/cache/data in the
* app-specific directory.
*/
if (app_id_dir)
{
g_hash_table_iter_init (&iter, context->filesystems);
while (g_hash_table_iter_next (&iter, &key, &value))
{
const char *filesystem = key;
FlatpakFilesystemMode mode = GPOINTER_TO_INT (value);
g_autofree char *xdg_path = NULL;
const char *rest, *where;
xdg_path = get_xdg_dir_from_string (filesystem, &rest, &where);
if (xdg_path != NULL && *rest != 0 &&
mode >= FLATPAK_FILESYSTEM_MODE_READ_WRITE)
{
g_autoptr(GFile) app_version = g_file_get_child (app_id_dir, where);
g_autoptr(GFile) app_version_subdir = g_file_resolve_relative_path (app_version, rest);
if (g_file_test (xdg_path, G_FILE_TEST_IS_DIR))
{
g_autofree char *xdg_path_in_app = g_file_get_path (app_version_subdir);
g_mkdir_with_parents (xdg_path_in_app, 0755);
add_args (argv_array,
"--bind", xdg_path, xdg_path_in_app,
NULL);
}
}
}
}
if (home_access && app_id_dir != NULL)
{
g_autofree char *src_path = g_build_filename (g_get_user_config_dir (),
"user-dirs.dirs",
NULL);
g_autofree char *path = g_build_filename (flatpak_file_get_path_cached (app_id_dir),
"config/user-dirs.dirs", NULL);
if (g_file_test (src_path, G_FILE_TEST_EXISTS))
add_args (argv_array,
"--ro-bind", src_path, path,
NULL);
}
else if (xdg_dirs_conf != NULL && app_id_dir != NULL)
{
g_autofree char *tmp_path = NULL;
g_autofree char *path = NULL;
int fd;
fd = g_file_open_tmp ("flatpak-user-dir-XXXXXX.dirs", &tmp_path, NULL);
if (fd >= 0)
{
close (fd);
if (g_file_set_contents (tmp_path, xdg_dirs_conf->str, xdg_dirs_conf->len, NULL))
{
int tmp_fd = open (tmp_path, O_RDONLY);
unlink (tmp_path);
if (tmp_fd != -1)
{
g_autofree char *tmp_fd_str = g_strdup_printf ("%d", tmp_fd);
if (fd_array)
g_array_append_val (fd_array, tmp_fd);
path = g_build_filename (flatpak_file_get_path_cached (app_id_dir),
"config/user-dirs.dirs", NULL);
add_args (argv_array, "--file", tmp_fd_str, path, NULL);
}
}
}
g_string_free (xdg_dirs_conf, TRUE);
}
flatpak_run_add_x11_args (argv_array, fd_array, envp_p,
(context->sockets & FLATPAK_CONTEXT_SOCKET_X11) != 0);
if (context->sockets & FLATPAK_CONTEXT_SOCKET_WAYLAND)
{
g_debug ("Allowing wayland access");
flatpak_run_add_wayland_args (argv_array, envp_p);
}
if (context->sockets & FLATPAK_CONTEXT_SOCKET_PULSEAUDIO)
{
g_debug ("Allowing pulseaudio access");
flatpak_run_add_pulseaudio_args (argv_array, fd_array, envp_p);
}
unrestricted_session_bus = (context->sockets & FLATPAK_CONTEXT_SOCKET_SESSION_BUS) != 0;
if (unrestricted_session_bus)
g_debug ("Allowing session-dbus access");
if (flatpak_run_add_session_dbus_args (argv_array, envp_p, session_bus_proxy_argv, unrestricted_session_bus) &&
!unrestricted_session_bus && session_bus_proxy_argv)
flatpak_add_bus_filters (session_bus_proxy_argv, context->session_bus_policy, app_id, context);
unrestricted_system_bus = (context->sockets & FLATPAK_CONTEXT_SOCKET_SYSTEM_BUS) != 0;
if (unrestricted_system_bus)
g_debug ("Allowing system-dbus access");
if (flatpak_run_add_system_dbus_args (context, envp_p, argv_array, system_bus_proxy_argv,
unrestricted_system_bus) &&
!unrestricted_system_bus && system_bus_proxy_argv)
flatpak_add_bus_filters (system_bus_proxy_argv, context->system_bus_policy, NULL, context);
if (g_environ_getenv (*envp_p, "LD_LIBRARY_PATH") != NULL)
{
/* LD_LIBRARY_PATH is overridden for setuid helper, so pass it as cmdline arg */
add_args (argv_array,
"--setenv", "LD_LIBRARY_PATH", g_environ_getenv (*envp_p, "LD_LIBRARY_PATH"),
NULL);
*envp_p = g_environ_unsetenv (*envp_p, "LD_LIBRARY_PATH");
}
/* Must run this before spawning the dbus proxy, to ensure it
ends up in the app cgroup */
if (!flatpak_run_in_transient_unit (app_id, &my_error))
{
/* We still run along even if we don't get a cgroup, as nothing
really depends on it. Its just nice to have */
g_debug ("Failed to run in transient scope: %s\n", my_error->message);
g_clear_error (&my_error);
}
if (!add_dbus_proxy_args (argv_array, session_bus_proxy_argv, (flags & FLATPAK_RUN_FLAG_LOG_SESSION_BUS) != 0,
sync_fds, app_info_path, error))
return FALSE;
if (!add_dbus_proxy_args (argv_array, system_bus_proxy_argv, (flags & FLATPAK_RUN_FLAG_LOG_SYSTEM_BUS) != 0,
sync_fds, app_info_path, error))
return FALSE;
if (sync_fds[1] != -1)
close (sync_fds[1]);
return TRUE;
}
static const struct {const char *env;
const char *val;
} default_exports[] = {
{"PATH", "/app/bin:/usr/bin"},
{"LD_LIBRARY_PATH", "/app/lib"},
{"XDG_CONFIG_DIRS", "/app/etc/xdg:/etc/xdg"},
{"XDG_DATA_DIRS", "/app/share:/usr/share"},
{"SHELL", "/bin/sh"},
};
static const struct {const char *env;
const char *val;
} devel_exports[] = {
{"ACLOCAL_PATH", "/app/share/aclocal"},
{"C_INCLUDE_PATH", "/app/include"},
{"CPLUS_INCLUDE_PATH", "/app/include"},
{"LDFLAGS", "-L/app/lib "},
{"PKG_CONFIG_PATH", "/app/lib/pkgconfig:/app/share/pkgconfig:/usr/lib/pkgconfig:/usr/share/pkgconfig"},
{"LC_ALL", "en_US.utf8"},
};
char **
flatpak_run_get_minimal_env (gboolean devel)
{
GPtrArray *env_array;
static const char * const copy[] = {
"PWD",
"GDMSESSION",
"XDG_CURRENT_DESKTOP",
"XDG_SESSION_DESKTOP",
"DESKTOP_SESSION",
"EMAIL_ADDRESS",
"HOME",
"HOSTNAME",
"LOGNAME",
"REAL_NAME",
"TERM",
"USER",
"USERNAME",
};
static const char * const copy_nodevel[] = {
"LANG",
"LANGUAGE",
"LC_ALL",
"LC_ADDRESS",
"LC_COLLATE",
"LC_CTYPE",
"LC_IDENTIFICATION",
"LC_MEASUREMENT",
"LC_MESSAGES",
"LC_MONETARY",
"LC_NAME",
"LC_NUMERIC",
"LC_PAPER",
"LC_TELEPHONE",
"LC_TIME",
};
int i;
env_array = g_ptr_array_new_with_free_func (g_free);
for (i = 0; i < G_N_ELEMENTS (default_exports); i++)
g_ptr_array_add (env_array, g_strdup_printf ("%s=%s", default_exports[i].env, default_exports[i].val));
if (devel)
{
for (i = 0; i < G_N_ELEMENTS(devel_exports); i++)
g_ptr_array_add (env_array, g_strdup_printf ("%s=%s", devel_exports[i].env, devel_exports[i].val));
}
for (i = 0; i < G_N_ELEMENTS (copy); i++)
{
const char *current = g_getenv (copy[i]);
if (current)
g_ptr_array_add (env_array, g_strdup_printf ("%s=%s", copy[i], current));
}
if (!devel)
{
for (i = 0; i < G_N_ELEMENTS (copy_nodevel); i++)
{
const char *current = g_getenv (copy_nodevel[i]);
if (current)
g_ptr_array_add (env_array, g_strdup_printf ("%s=%s", copy_nodevel[i], current));
}
}
g_ptr_array_add (env_array, NULL);
return (char **) g_ptr_array_free (env_array, FALSE);
}
char **
flatpak_run_apply_env_default (char **envp)
{
int i;
for (i = 0; i < G_N_ELEMENTS (default_exports); i++)
envp = g_environ_setenv (envp, default_exports[i].env, default_exports[i].val, TRUE);
return envp;
}
char **
flatpak_run_apply_env_appid (char **envp,
GFile *app_dir)
{
g_autoptr(GFile) app_dir_data = NULL;
g_autoptr(GFile) app_dir_config = NULL;
g_autoptr(GFile) app_dir_cache = NULL;
app_dir_data = g_file_get_child (app_dir, "data");
app_dir_config = g_file_get_child (app_dir, "config");
app_dir_cache = g_file_get_child (app_dir, "cache");
envp = g_environ_setenv (envp, "XDG_DATA_HOME", flatpak_file_get_path_cached (app_dir_data), TRUE);
envp = g_environ_setenv (envp, "XDG_CONFIG_HOME", flatpak_file_get_path_cached (app_dir_config), TRUE);
envp = g_environ_setenv (envp, "XDG_CACHE_HOME", flatpak_file_get_path_cached (app_dir_cache), TRUE);
return envp;
}
char **
flatpak_run_apply_env_vars (char **envp, FlatpakContext *context)
{
GHashTableIter iter;
gpointer key, value;
g_hash_table_iter_init (&iter, context->env_vars);
while (g_hash_table_iter_next (&iter, &key, &value))
{
const char *var = key;
const char *val = value;
if (val && val[0] != 0)
envp = g_environ_setenv (envp, var, val, TRUE);
else
envp = g_environ_unsetenv (envp, var);
}
return envp;
}
GFile *
flatpak_get_data_dir (const char *app_id)
{
g_autoptr(GFile) home = g_file_new_for_path (g_get_home_dir ());
g_autoptr(GFile) var_app = g_file_resolve_relative_path (home, ".var/app");
return g_file_get_child (var_app, app_id);
}
GFile *
flatpak_ensure_data_dir (const char *app_id,
GCancellable *cancellable,
GError **error)
{
g_autoptr(GFile) dir = flatpak_get_data_dir (app_id);
g_autoptr(GFile) data_dir = g_file_get_child (dir, "data");
g_autoptr(GFile) cache_dir = g_file_get_child (dir, "cache");
g_autoptr(GFile) tmp_dir = g_file_get_child (cache_dir, "tmp");
g_autoptr(GFile) config_dir = g_file_get_child (dir, "config");
if (!flatpak_mkdir_p (data_dir, cancellable, error))
return NULL;
if (!flatpak_mkdir_p (cache_dir, cancellable, error))
return NULL;
if (!flatpak_mkdir_p (tmp_dir, cancellable, error))
return NULL;
if (!flatpak_mkdir_p (config_dir, cancellable, error))
return NULL;
return g_object_ref (dir);
}
struct JobData
{
char *job;
GMainLoop *main_loop;
};
static void
job_removed_cb (SystemdManager *manager,
guint32 id,
char *job,
char *unit,
char *result,
struct JobData *data)
{
if (strcmp (job, data->job) == 0)
g_main_loop_quit (data->main_loop);
}
gboolean
flatpak_run_in_transient_unit (const char *appid, GError **error)
{
g_autoptr(GDBusConnection) conn = NULL;
g_autofree char *path = NULL;
g_autofree char *address = NULL;
g_autofree char *name = NULL;
g_autofree char *job = NULL;
SystemdManager *manager = NULL;
GVariantBuilder builder;
GVariant *properties = NULL;
GVariant *aux = NULL;
guint32 pid;
GMainContext *main_context = NULL;
GMainLoop *main_loop = NULL;
struct JobData data;
gboolean res = FALSE;
path = g_strdup_printf ("/run/user/%d/systemd/private", getuid ());
if (!g_file_test (path, G_FILE_TEST_EXISTS))
return flatpak_fail (error,
"No systemd user session available, cgroups not available");
main_context = g_main_context_new ();
main_loop = g_main_loop_new (main_context, FALSE);
g_main_context_push_thread_default (main_context);
address = g_strconcat ("unix:path=", path, NULL);
conn = g_dbus_connection_new_for_address_sync (address,
G_DBUS_CONNECTION_FLAGS_AUTHENTICATION_CLIENT,
NULL,
NULL, error);
if (!conn)
goto out;
manager = systemd_manager_proxy_new_sync (conn,
G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES,
NULL,
"/org/freedesktop/systemd1",
NULL, error);
if (!manager)
goto out;
name = g_strdup_printf ("flatpak-%s-%d.scope", appid, getpid ());
g_variant_builder_init (&builder, G_VARIANT_TYPE ("a(sv)"));
pid = getpid ();
g_variant_builder_add (&builder, "(sv)",
"PIDs",
g_variant_new_fixed_array (G_VARIANT_TYPE ("u"),
&pid, 1, sizeof (guint32))
);
properties = g_variant_builder_end (&builder);
aux = g_variant_new_array (G_VARIANT_TYPE ("(sa(sv))"), NULL, 0);
if (!systemd_manager_call_start_transient_unit_sync (manager,
name,
"fail",
properties,
aux,
&job,
NULL,
error))
goto out;
data.job = job;
data.main_loop = main_loop;
g_signal_connect (manager, "job-removed", G_CALLBACK (job_removed_cb), &data);
g_main_loop_run (main_loop);
res = TRUE;
out:
if (main_context)
{
g_main_context_pop_thread_default (main_context);
g_main_context_unref (main_context);
}
if (main_loop)
g_main_loop_unref (main_loop);
if (manager)
g_object_unref (manager);
return res;
}
static void
add_font_path_args (GPtrArray *argv_array)
{
g_autoptr(GFile) home = NULL;
g_autoptr(GFile) user_font1 = NULL;
g_autoptr(GFile) user_font2 = NULL;
if (g_file_test (SYSTEM_FONTS_DIR, G_FILE_TEST_EXISTS))
{
add_args (argv_array,
"--ro-bind", SYSTEM_FONTS_DIR, "/run/host/fonts",
NULL);
}
home = g_file_new_for_path (g_get_home_dir ());
user_font1 = g_file_resolve_relative_path (home, ".local/share/fonts");
user_font2 = g_file_resolve_relative_path (home, ".fonts");
if (g_file_query_exists (user_font1, NULL))
{
add_args (argv_array,
"--ro-bind", flatpak_file_get_path_cached (user_font1), "/run/host/user-fonts",
NULL);
}
else if (g_file_query_exists (user_font2, NULL))
{
add_args (argv_array,
"--ro-bind", flatpak_file_get_path_cached (user_font2), "/run/host/user-fonts",
NULL);
}
}
static void
add_default_permissions (FlatpakContext *app_context)
{
flatpak_context_set_session_bus_policy (app_context,
"org.freedesktop.portal.*",
FLATPAK_POLICY_TALK);
}
static FlatpakContext *
compute_permissions (GKeyFile *app_metadata,
GKeyFile *runtime_metadata,
GError **error)
{
g_autoptr(FlatpakContext) app_context = NULL;
app_context = flatpak_context_new ();
add_default_permissions (app_context);
if (!flatpak_context_load_metadata (app_context, runtime_metadata, error))
return NULL;
if (app_metadata != NULL &&
!flatpak_context_load_metadata (app_context, app_metadata, error))
return NULL;
return g_steal_pointer (&app_context);
}
gboolean
flatpak_run_add_app_info_args (GPtrArray *argv_array,
GArray *fd_array,
GFile *app_files,
GFile *runtime_files,
const char *app_id,
const char *app_branch,
const char *runtime_ref,
FlatpakContext *final_app_context,
char **app_info_path_out,
GError **error)
{
g_autofree char *tmp_path = NULL;
int fd;
g_autoptr(GKeyFile) keyfile = NULL;
g_autofree char *runtime_path = NULL;
g_autofree char *fd_str = NULL;
g_autofree char *old_dest = g_strdup_printf ("/run/user/%d/flatpak-info", getuid ());
const char *group;
fd = g_file_open_tmp ("flatpak-context-XXXXXX", &tmp_path, NULL);
if (fd < 0)
{
int errsv = errno;
g_set_error (error, G_IO_ERROR, g_io_error_from_errno (errsv),
_("Failed to open flatpak-info temp file: %s"), g_strerror (errsv));
return FALSE;
}
close (fd);
keyfile = g_key_file_new ();
if (app_files)
group = "Application";
else
group = "Runtime";
g_key_file_set_string (keyfile, group, "name", app_id);
g_key_file_set_string (keyfile, group, "runtime", runtime_ref);
if (app_files)
{
g_autofree char *app_path = g_file_get_path (app_files);
g_key_file_set_string (keyfile, "Instance", "app-path", app_path);
}
runtime_path = g_file_get_path (runtime_files);
g_key_file_set_string (keyfile, "Instance", "runtime-path", runtime_path);
if (app_branch != NULL)
g_key_file_set_string (keyfile, "Instance", "branch", app_branch);
g_key_file_set_string (keyfile, "Instance", "flatpak-version", PACKAGE_VERSION);
if ((final_app_context->sockets & FLATPAK_CONTEXT_SOCKET_SESSION_BUS) == 0)
g_key_file_set_boolean (keyfile, "Instance", "session-bus-proxy", TRUE);
if ((final_app_context->sockets & FLATPAK_CONTEXT_SOCKET_SYSTEM_BUS) == 0)
g_key_file_set_boolean (keyfile, "Instance", "system-bus-proxy", TRUE);
flatpak_context_save_metadata (final_app_context, TRUE, keyfile);
if (!g_key_file_save_to_file (keyfile, tmp_path, error))
return FALSE;
fd = open (tmp_path, O_RDONLY);
if (fd == -1)
{
int errsv = errno;
g_set_error (error, G_IO_ERROR, g_io_error_from_errno (errsv),
_("Failed to open temp file: %s"), g_strerror (errsv));
return FALSE;
}
unlink (tmp_path);
fd_str = g_strdup_printf ("%d", fd);
if (fd_array)
g_array_append_val (fd_array, fd);
add_args (argv_array,
"--ro-bind-data", fd_str, "/.flatpak-info",
"--symlink", "../../../.flatpak-info", old_dest,
NULL);
if (app_info_path_out != NULL)
*app_info_path_out = g_strdup_printf ("/proc/self/fd/%d", fd);
return TRUE;
}
static void
add_monitor_path_args (gboolean use_session_helper,
GPtrArray *argv_array)
{
g_autoptr(AutoFlatpakSessionHelper) session_helper = NULL;
g_autofree char *monitor_path = NULL;
if (use_session_helper)
{
session_helper =
flatpak_session_helper_proxy_new_for_bus_sync (G_BUS_TYPE_SESSION,
G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS,
"org.freedesktop.Flatpak",
"/org/freedesktop/Flatpak/SessionHelper",
NULL, NULL);
}
if (session_helper &&
flatpak_session_helper_call_request_monitor_sync (session_helper,
&monitor_path,
NULL, NULL))
{
add_args (argv_array,
"--ro-bind", monitor_path, "/run/host/monitor",
NULL);
add_args (argv_array,
"--symlink", "/run/host/monitor/localtime", "/etc/localtime",
NULL);
add_args (argv_array,
"--symlink", "/run/host/monitor/resolv.conf", "/etc/resolv.conf",
NULL);
}
else
{
/* /etc/localtime and /etc/resolv.conf can not exist (or be symlinks to
* non-existing targets), in which case we don't want to attempt to create
* bogus symlinks or bind mounts, as that will cause flatpak run to fail.
*/
if (g_file_test ("/etc/localtime", G_FILE_TEST_EXISTS))
{
char localtime[PATH_MAX + 1];
ssize_t symlink_size;
gboolean is_reachable = FALSE;
symlink_size = readlink ("/etc/localtime", localtime, sizeof (localtime) - 1);
if (symlink_size > 0)
{
g_autoptr(GFile) base_file = NULL;
g_autoptr(GFile) target_file = NULL;
g_autofree char *target_canonical = NULL;
/* readlink() does not append a null byte to the buffer. */
localtime[symlink_size] = 0;
base_file = g_file_new_for_path ("/etc");
target_file = g_file_resolve_relative_path (base_file, localtime);
target_canonical = g_file_get_path (target_file);
is_reachable = g_str_has_prefix (target_canonical, "/usr/");
}
if (is_reachable)
{
add_args (argv_array,
"--symlink", localtime, "/etc/localtime",
NULL);
}
else
{
add_args (argv_array,
"--ro-bind", "/etc/localtime", "/etc/localtime",
NULL);
}
}
if (g_file_test ("/etc/resolv.conf", G_FILE_TEST_EXISTS))
{
add_args (argv_array,
"--ro-bind", "/etc/resolv.conf", "/etc/resolv.conf",
NULL);
}
}
}
static void
add_document_portal_args (GPtrArray *argv_array,
const char *app_id)
{
g_autoptr(GDBusConnection) session_bus = NULL;
g_autofree char *doc_mount_path = NULL;
session_bus = g_bus_get_sync (G_BUS_TYPE_SESSION, NULL, NULL);
if (session_bus)
{
g_autoptr(GError) local_error = NULL;
g_autoptr(GDBusMessage) reply = NULL;
g_autoptr(GDBusMessage) msg =
g_dbus_message_new_method_call ("org.freedesktop.portal.Documents",
"/org/freedesktop/portal/documents",
"org.freedesktop.portal.Documents",
"GetMountPoint");
g_dbus_message_set_body (msg, g_variant_new ("()"));
reply =
g_dbus_connection_send_message_with_reply_sync (session_bus, msg,
G_DBUS_SEND_MESSAGE_FLAGS_NONE,
30000,
NULL,
NULL,
NULL);
if (reply)
{
if (g_dbus_message_to_gerror (reply, &local_error))
{
g_message ("Can't get document portal: %s\n", local_error->message);
}
else
{
g_autofree char *src_path = NULL;
g_autofree char *dst_path = NULL;
g_variant_get (g_dbus_message_get_body (reply),
"(^ay)", &doc_mount_path);
src_path = g_strdup_printf ("%s/by-app/%s",
doc_mount_path, app_id);
dst_path = g_strdup_printf ("/run/user/%d/doc", getuid ());
add_args (argv_array, "--bind", src_path, dst_path, NULL);
}
}
}
}
static gchar *
join_args (GPtrArray *argv_array, gsize *len_out)
{
gchar *string;
gchar *ptr;
gint i;
gsize len = 0;
for (i = 0; i < argv_array->len; i++)
len += strlen (argv_array->pdata[i]) + 1;
string = g_new (gchar, len);
*string = 0;
ptr = string;
for (i = 0; i < argv_array->len; i++)
ptr = g_stpcpy (ptr, argv_array->pdata[i]) + 1;
*len_out = len;
return string;
}
typedef struct {
int sync_fd;
int app_info_fd;
int bwrap_args_fd;
} DbusProxySpawnData;
static void
dbus_spawn_child_setup (gpointer user_data)
{
DbusProxySpawnData *data = user_data;
/* Unset CLOEXEC */
fcntl (data->sync_fd, F_SETFD, 0);
fcntl (data->app_info_fd, F_SETFD, 0);
fcntl (data->bwrap_args_fd, F_SETFD, 0);
}
/* This wraps the argv in a bwrap call, primary to allow the
command to be run with a proper /.flatpak-info with data
taken from app_info_fd */
static gboolean
prepend_bwrap_argv_wrapper (GPtrArray *argv,
int app_info_fd,
int *bwrap_fd_out,
GError **error)
{
int i = 0;
g_auto(GLnxDirFdIterator) dir_iter = { 0 };
struct dirent *dent;
g_autoptr(GPtrArray) bwrap_args = g_ptr_array_new_with_free_func (g_free);
gsize bwrap_args_len;
glnx_fd_close int bwrap_args_fd = -1;
g_autofree char *bwrap_args_data = NULL;
g_autofree char *proxy_socket_dir = g_build_filename (g_get_user_runtime_dir (), ".dbus-proxy/", NULL);
if (!glnx_dirfd_iterator_init_at (AT_FDCWD, "/", FALSE, &dir_iter, error))
return FALSE;
while (TRUE)
{
if (!glnx_dirfd_iterator_next_dent_ensure_dtype (&dir_iter, &dent, NULL, error))
return FALSE;
if (dent == NULL)
break;
if (strcmp (dent->d_name, ".flatpak-info") == 0)
continue;
if (dent->d_type == DT_DIR)
{
if (strcmp (dent->d_name, "tmp") == 0 ||
strcmp (dent->d_name, "var") == 0 ||
strcmp (dent->d_name, "run") == 0)
g_ptr_array_add (bwrap_args, g_strdup ("--bind"));
else
g_ptr_array_add (bwrap_args, g_strdup ("--ro-bind"));
g_ptr_array_add (bwrap_args, g_strconcat ("/", dent->d_name, NULL));
g_ptr_array_add (bwrap_args, g_strconcat ("/", dent->d_name, NULL));
}
else if (dent->d_type == DT_LNK)
{
ssize_t symlink_size;
char path_buffer[PATH_MAX + 1];
symlink_size = readlinkat (dir_iter.fd, dent->d_name, path_buffer, sizeof (path_buffer) - 1);
if (symlink_size < 0)
{
glnx_set_error_from_errno (error);
return FALSE;
}
path_buffer[symlink_size] = 0;
g_ptr_array_add (bwrap_args, g_strdup ("--symlink"));
g_ptr_array_add (bwrap_args, g_strdup (path_buffer));
g_ptr_array_add (bwrap_args, g_strconcat ("/", dent->d_name, NULL));
}
}
g_ptr_array_add (bwrap_args, g_strdup ("--bind"));
g_ptr_array_add (bwrap_args, g_strdup (proxy_socket_dir));
g_ptr_array_add (bwrap_args, g_strdup (proxy_socket_dir));
g_ptr_array_add (bwrap_args, g_strdup ("--ro-bind-data"));
g_ptr_array_add (bwrap_args, g_strdup_printf ("%d", app_info_fd));
g_ptr_array_add (bwrap_args, g_strdup ("/.flatpak-info"));
bwrap_args_data = join_args (bwrap_args, &bwrap_args_len);
bwrap_args_fd = create_tmp_fd (bwrap_args_data, bwrap_args_len, error);
if (bwrap_args_fd < 0)
return FALSE;
g_ptr_array_insert (argv, i++, g_strdup (flatpak_get_bwrap ()));
g_ptr_array_insert (argv, i++, g_strdup ("--args"));
g_ptr_array_insert (argv, i++, g_strdup_printf ("%d", bwrap_args_fd));
*bwrap_fd_out = bwrap_args_fd;
bwrap_args_fd = -1; /* Steal it */
return TRUE;
}
static gboolean
add_dbus_proxy_args (GPtrArray *argv_array,
GPtrArray *dbus_proxy_argv,
gboolean enable_logging,
int sync_fds[2],
const char *app_info_path,
GError **error)
{
char x = 'x';
const char *proxy;
g_autofree char *commandline = NULL;
DbusProxySpawnData spawn_data;
glnx_fd_close int app_info_fd = -1;
glnx_fd_close int bwrap_args_fd = -1;
if (dbus_proxy_argv == NULL ||
dbus_proxy_argv->len == 0)
return TRUE;
if (sync_fds[0] == -1)
{
g_autofree char *fd_str = NULL;
if (pipe (sync_fds) < 0)
{
g_set_error_literal (error, G_IO_ERROR, g_io_error_from_errno (errno),
_("Unable to create sync pipe"));
return FALSE;
}
fd_str = g_strdup_printf ("%d", sync_fds[0]);
add_args (argv_array, "--sync-fd", fd_str, NULL);
}
proxy = g_getenv ("FLATPAK_DBUSPROXY");
if (proxy == NULL)
proxy = DBUSPROXY;
g_ptr_array_insert (dbus_proxy_argv, 0, g_strdup (proxy));
g_ptr_array_insert (dbus_proxy_argv, 1, g_strdup_printf ("--fd=%d", sync_fds[1]));
if (enable_logging)
g_ptr_array_add (dbus_proxy_argv, g_strdup ("--log"));
g_ptr_array_add (dbus_proxy_argv, NULL); /* NULL terminate */
app_info_fd = open (app_info_path, O_RDONLY);
if (app_info_fd == -1)
{
int errsv = errno;
g_set_error (error, G_IO_ERROR, g_io_error_from_errno (errsv),
_("Failed to open app info file: %s"), g_strerror (errsv));
return FALSE;
}
if (!prepend_bwrap_argv_wrapper (dbus_proxy_argv, app_info_fd, &bwrap_args_fd, error))
return FALSE;
commandline = flatpak_quote_argv ((const char **) dbus_proxy_argv->pdata);
g_debug ("Running '%s'", commandline);
spawn_data.sync_fd = sync_fds[1];
spawn_data.app_info_fd = app_info_fd;
spawn_data.bwrap_args_fd = bwrap_args_fd;
if (!g_spawn_async (NULL,
(char **) dbus_proxy_argv->pdata,
NULL,
G_SPAWN_SEARCH_PATH,
dbus_spawn_child_setup,
&spawn_data,
NULL, error))
{
close (sync_fds[0]);
close (sync_fds[1]);
return FALSE;
}
/* Sync with proxy, i.e. wait until its listening on the sockets */
if (read (sync_fds[0], &x, 1) != 1)
{
g_set_error_literal (error, G_IO_ERROR, g_io_error_from_errno (errno),
_("Failed to sync with dbus proxy"));
close (sync_fds[0]);
close (sync_fds[1]);
return FALSE;
}
return TRUE;
}
#ifdef ENABLE_SECCOMP
static const uint32_t seccomp_x86_64_extra_arches[] = { SCMP_ARCH_X86, 0, };
#ifdef SCMP_ARCH_AARCH64
static const uint32_t seccomp_aarch64_extra_arches[] = { SCMP_ARCH_ARM, 0 };
#endif
static inline void
cleanup_seccomp (void *p)
{
scmp_filter_ctx *pp = (scmp_filter_ctx *) p;
if (*pp)
seccomp_release (*pp);
}
static gboolean
setup_seccomp (GPtrArray *argv_array,
GArray *fd_array,
const char *arch,
gboolean multiarch,
gboolean devel,
GError **error)
{
__attribute__((cleanup (cleanup_seccomp))) scmp_filter_ctx seccomp = NULL;
/**** BEGIN NOTE ON CODE SHARING
*
* There are today a number of different Linux container
* implementations. That will likely continue for long into the
* future. But we can still try to share code, and it's important
* to do so because it affects what library and application writers
* can do, and we should support code portability between different
* container tools.
*
* This syscall blacklist is copied from linux-user-chroot, which was in turn
* clearly influenced by the Sandstorm.io blacklist.
*
* If you make any changes here, I suggest sending the changes along
* to other sandbox maintainers. Using the libseccomp list is also
* an appropriate venue:
* https://groups.google.com/forum/#!topic/libseccomp
*
* A non-exhaustive list of links to container tooling that might
* want to share this blacklist:
*
* https://github.com/sandstorm-io/sandstorm
* in src/sandstorm/supervisor.c++
* http://cgit.freedesktop.org/xdg-app/xdg-app/
* in common/flatpak-run.c
* https://git.gnome.org/browse/linux-user-chroot
* in src/setup-seccomp.c
*
**** END NOTE ON CODE SHARING
*/
struct
{
int scall;
struct scmp_arg_cmp *arg;
} syscall_blacklist[] = {
/* Block dmesg */
{SCMP_SYS (syslog)},
/* Useless old syscall */
{SCMP_SYS (uselib)},
/* Don't allow you to switch to bsd emulation or whatnot */
{SCMP_SYS (personality)},
/* Don't allow disabling accounting */
{SCMP_SYS (acct)},
/* 16-bit code is unnecessary in the sandbox, and modify_ldt is a
historic source of interesting information leaks. */
{SCMP_SYS (modify_ldt)},
/* Don't allow reading current quota use */
{SCMP_SYS (quotactl)},
/* Don't allow access to the kernel keyring */
{SCMP_SYS (add_key)},
{SCMP_SYS (keyctl)},
{SCMP_SYS (request_key)},
/* Scary VM/NUMA ops */
{SCMP_SYS (move_pages)},
{SCMP_SYS (mbind)},
{SCMP_SYS (get_mempolicy)},
{SCMP_SYS (set_mempolicy)},
{SCMP_SYS (migrate_pages)},
/* Don't allow subnamespace setups: */
{SCMP_SYS (unshare)},
{SCMP_SYS (mount)},
{SCMP_SYS (pivot_root)},
{SCMP_SYS (clone), &SCMP_A0 (SCMP_CMP_MASKED_EQ, CLONE_NEWUSER, CLONE_NEWUSER)},
/* Don't allow faking input to the controlling tty (CVE-2017-5226) */
{SCMP_SYS (ioctl), &SCMP_A1(SCMP_CMP_EQ, (int)TIOCSTI)},
};
struct
{
int scall;
struct scmp_arg_cmp *arg;
} syscall_nondevel_blacklist[] = {
/* Profiling operations; we expect these to be done by tools from outside
* the sandbox. In particular perf has been the source of many CVEs.
*/
{SCMP_SYS (perf_event_open)},
{SCMP_SYS (ptrace)}
};
/* Blacklist all but unix, inet, inet6 and netlink */
int socket_family_blacklist[] = {
AF_AX25,
AF_IPX,
AF_APPLETALK,
AF_NETROM,
AF_BRIDGE,
AF_ATMPVC,
AF_X25,
AF_ROSE,
AF_DECnet,
AF_NETBEUI,
AF_SECURITY,
AF_KEY,
AF_NETLINK + 1, /* Last gets CMP_GE, so order is important */
};
int i, r;
glnx_fd_close int fd = -1;
g_autofree char *fd_str = NULL;
g_autofree char *path = NULL;
seccomp = seccomp_init (SCMP_ACT_ALLOW);
if (!seccomp)
return flatpak_fail (error, "Initialize seccomp failed");
if (arch != NULL)
{
uint32_t arch_id = 0;
const uint32_t *extra_arches = NULL;
if (strcmp (arch, "i386") == 0)
{
arch_id = SCMP_ARCH_X86;
}
else if (strcmp (arch, "x86_64") == 0)
{
arch_id = SCMP_ARCH_X86_64;
extra_arches = seccomp_x86_64_extra_arches;
}
else if (strcmp (arch, "arm") == 0)
{
arch_id = SCMP_ARCH_ARM;
}
#ifdef SCMP_ARCH_AARCH64
else if (strcmp (arch, "aarch64") == 0)
{
arch_id = SCMP_ARCH_AARCH64;
extra_arches = seccomp_aarch64_extra_arches;
}
#endif
/* We only really need to handle arches on multiarch systems.
* If only one arch is supported the default is fine */
if (arch_id != 0)
{
/* This *adds* the target arch, instead of replacing the
native one. This is not ideal, because we'd like to only
allow the target arch, but we can't really disallow the
native arch at this point, because then bubblewrap
couldn't continue running. */
r = seccomp_arch_add (seccomp, arch_id);
if (r < 0 && r != -EEXIST)
return flatpak_fail (error, "Failed to add architecture to seccomp filter");
if (multiarch && extra_arches != NULL)
{
unsigned i;
for (i = 0; extra_arches[i] != 0; i++)
{
r = seccomp_arch_add (seccomp, extra_arches[i]);
if (r < 0 && r != -EEXIST)
return flatpak_fail (error, "Failed to add multiarch architecture to seccomp filter");
}
}
}
}
/* TODO: Should we filter the kernel keyring syscalls in some way?
* We do want them to be used by desktop apps, but they could also perhaps
* leak system stuff or secrets from other apps.
*/
for (i = 0; i < G_N_ELEMENTS (syscall_blacklist); i++)
{
int scall = syscall_blacklist[i].scall;
if (syscall_blacklist[i].arg)
r = seccomp_rule_add (seccomp, SCMP_ACT_ERRNO (EPERM), scall, 1, *syscall_blacklist[i].arg);
else
r = seccomp_rule_add (seccomp, SCMP_ACT_ERRNO (EPERM), scall, 0);
if (r < 0 && r == -EFAULT /* unknown syscall */)
return flatpak_fail (error, "Failed to block syscall %d", scall);
}
if (!devel)
{
for (i = 0; i < G_N_ELEMENTS (syscall_nondevel_blacklist); i++)
{
int scall = syscall_nondevel_blacklist[i].scall;
if (syscall_nondevel_blacklist[i].arg)
r = seccomp_rule_add (seccomp, SCMP_ACT_ERRNO (EPERM), scall, 1, *syscall_nondevel_blacklist[i].arg);
else
r = seccomp_rule_add (seccomp, SCMP_ACT_ERRNO (EPERM), scall, 0);
if (r < 0 && r == -EFAULT /* unknown syscall */)
return flatpak_fail (error, "Failed to block syscall %d", scall);
}
}
/* Socket filtering doesn't work on e.g. i386, so ignore failures here
* However, we need to user seccomp_rule_add_exact to avoid libseccomp doing
* something else: https://github.com/seccomp/libseccomp/issues/8 */
for (i = 0; i < G_N_ELEMENTS (socket_family_blacklist); i++)
{
int family = socket_family_blacklist[i];
if (i == G_N_ELEMENTS (socket_family_blacklist) - 1)
seccomp_rule_add_exact (seccomp, SCMP_ACT_ERRNO (EAFNOSUPPORT), SCMP_SYS (socket), 1, SCMP_A0 (SCMP_CMP_GE, family));
else
seccomp_rule_add_exact (seccomp, SCMP_ACT_ERRNO (EAFNOSUPPORT), SCMP_SYS (socket), 1, SCMP_A0 (SCMP_CMP_EQ, family));
}
fd = g_file_open_tmp ("flatpak-seccomp-XXXXXX", &path, error);
if (fd == -1)
return FALSE;
unlink (path);
if (seccomp_export_bpf (seccomp, fd) != 0)
return flatpak_fail (error, "Failed to export bpf");
lseek (fd, 0, SEEK_SET);
fd_str = g_strdup_printf ("%d", fd);
if (fd_array)
g_array_append_val (fd_array, fd);
add_args (argv_array,
"--seccomp", fd_str,
NULL);
fd = -1; /* Don't close on success */
return TRUE;
}
#endif
gboolean
flatpak_run_setup_base_argv (GPtrArray *argv_array,
GArray *fd_array,
GFile *runtime_files,
GFile *app_id_dir,
const char *arch,
FlatpakRunFlags flags,
GError **error)
{
const char *usr_links[] = {"lib", "lib32", "lib64", "bin", "sbin"};
g_autofree char *run_dir = g_strdup_printf ("/run/user/%d", getuid ());
int i;
int passwd_fd = -1;
g_autofree char *passwd_fd_str = NULL;
g_autofree char *passwd_contents = NULL;
int group_fd = -1;
g_autofree char *group_fd_str = NULL;
g_autofree char *group_contents = NULL;
struct group *g = getgrgid (getgid ());
g_autoptr(GFile) etc = NULL;
passwd_contents = g_strdup_printf ("%s:x:%d:%d:%s:%s:%s\n"
"nfsnobody:x:65534:65534:Unmapped user:/:/sbin/nologin\n",
g_get_user_name (),
getuid (), getgid (),
g_get_real_name (),
g_get_home_dir (),
DEFAULT_SHELL);
if ((passwd_fd = create_tmp_fd (passwd_contents, -1, error)) < 0)
return FALSE;
passwd_fd_str = g_strdup_printf ("%d", passwd_fd);
if (fd_array)
g_array_append_val (fd_array, passwd_fd);
group_contents = g_strdup_printf ("%s:x:%d:%s\n"
"nfsnobody:x:65534:\n",
g->gr_name,
getgid (), g_get_user_name ());
if ((group_fd = create_tmp_fd (group_contents, -1, error)) < 0)
return FALSE;
group_fd_str = g_strdup_printf ("%d", group_fd);
if (fd_array)
g_array_append_val (fd_array, group_fd);
add_args (argv_array,
"--unshare-pid",
"--proc", "/proc",
"--dir", "/tmp",
"--dir", "/var/tmp",
"--dir", "/run/host",
"--dir", run_dir,
"--setenv", "XDG_RUNTIME_DIR", run_dir,
"--symlink", "../run", "/var/run",
"--ro-bind", "/sys/block", "/sys/block",
"--ro-bind", "/sys/bus", "/sys/bus",
"--ro-bind", "/sys/class", "/sys/class",
"--ro-bind", "/sys/dev", "/sys/dev",
"--ro-bind", "/sys/devices", "/sys/devices",
NULL);
if (flags & FLATPAK_RUN_FLAG_WRITABLE_ETC)
add_args (argv_array,
"--dir", "/usr/etc",
"--symlink", "usr/etc", "/etc",
NULL);
add_args (argv_array,
"--bind-data", passwd_fd_str, "/etc/passwd",
"--bind-data", group_fd_str, "/etc/group",
NULL);
if (g_file_test ("/etc/machine-id", G_FILE_TEST_EXISTS))
add_args (argv_array, "--ro-bind", "/etc/machine-id", "/etc/machine-id", NULL);
else if (g_file_test ("/var/lib/dbus/machine-id", G_FILE_TEST_EXISTS))
add_args (argv_array, "--ro-bind", "/var/lib/dbus/machine-id", "/etc/machine-id", NULL);
if (runtime_files)
etc = g_file_get_child (runtime_files, "etc");
if (etc != NULL &&
(flags & FLATPAK_RUN_FLAG_WRITABLE_ETC) == 0 &&
g_file_query_exists (etc, NULL))
{
g_auto(GLnxDirFdIterator) dfd_iter = { 0, };
struct dirent *dent;
char path_buffer[PATH_MAX + 1];
ssize_t symlink_size;
gboolean inited;
inited = glnx_dirfd_iterator_init_at (AT_FDCWD, flatpak_file_get_path_cached (etc), FALSE, &dfd_iter, NULL);
while (inited)
{
g_autofree char *src = NULL;
g_autofree char *dest = NULL;
if (!glnx_dirfd_iterator_next_dent_ensure_dtype (&dfd_iter, &dent, NULL, NULL) || dent == NULL)
break;
if (strcmp (dent->d_name, "passwd") == 0 ||
strcmp (dent->d_name, "group") == 0 ||
strcmp (dent->d_name, "machine-id") == 0 ||
strcmp (dent->d_name, "resolv.conf") == 0 ||
strcmp (dent->d_name, "localtime") == 0)
continue;
src = g_build_filename (flatpak_file_get_path_cached (etc), dent->d_name, NULL);
dest = g_build_filename ("/etc", dent->d_name, NULL);
if (dent->d_type == DT_LNK)
{
symlink_size = readlinkat (dfd_iter.fd, dent->d_name, path_buffer, sizeof (path_buffer) - 1);
if (symlink_size < 0)
{
glnx_set_error_from_errno (error);
return FALSE;
}
path_buffer[symlink_size] = 0;
add_args (argv_array, "--symlink", path_buffer, dest, NULL);
}
else
{
add_args (argv_array, "--bind", src, dest, NULL);
}
}
}
if (app_id_dir != NULL)
{
g_autoptr(GFile) app_cache_dir = g_file_get_child (app_id_dir, "cache");
g_autoptr(GFile) app_tmp_dir = g_file_get_child (app_cache_dir, "tmp");
g_autoptr(GFile) app_data_dir = g_file_get_child (app_id_dir, "data");
g_autoptr(GFile) app_config_dir = g_file_get_child (app_id_dir, "config");
add_args (argv_array,
/* These are nice to have as a fixed path */
"--bind", flatpak_file_get_path_cached (app_cache_dir), "/var/cache",
"--bind", flatpak_file_get_path_cached (app_data_dir), "/var/data",
"--bind", flatpak_file_get_path_cached (app_config_dir), "/var/config",
"--bind", flatpak_file_get_path_cached (app_tmp_dir), "/var/tmp",
NULL);
}
for (i = 0; runtime_files != NULL && i < G_N_ELEMENTS (usr_links); i++)
{
const char *subdir = usr_links[i];
g_autoptr(GFile) runtime_subdir = g_file_get_child (runtime_files, subdir);
if (g_file_query_exists (runtime_subdir, NULL))
{
g_autofree char *link = g_strconcat ("usr/", subdir, NULL);
g_autofree char *dest = g_strconcat ("/", subdir, NULL);
add_args (argv_array,
"--symlink", link, dest,
NULL);
}
}
#ifdef ENABLE_SECCOMP
if (!setup_seccomp (argv_array,
fd_array,
arch,
(flags & FLATPAK_RUN_FLAG_MULTIARCH) != 0,
(flags & FLATPAK_RUN_FLAG_DEVEL) != 0,
error))
return FALSE;
#endif
if ((flags & FLATPAK_RUN_FLAG_WRITABLE_ETC) == 0)
add_monitor_path_args ((flags & FLATPAK_RUN_FLAG_NO_SESSION_HELPER) == 0, argv_array);
return TRUE;
}
static void
clear_fd (gpointer data)
{
int *fd_p = data;
if (fd_p != NULL && *fd_p != -1)
close (*fd_p);
}
static void
child_setup (gpointer user_data)
{
GArray *fd_array = user_data;
int i;
/* If no fd_array was specified, don't care. */
if (fd_array == NULL)
return;
/* Otherwise, mark not - close-on-exec all the fds in the array */
for (i = 0; i < fd_array->len; i++)
fcntl (g_array_index (fd_array, int, i), F_SETFD, 0);
}
gboolean
flatpak_run_app (const char *app_ref,
FlatpakDeploy *app_deploy,
FlatpakContext *extra_context,
const char *custom_runtime,
const char *custom_runtime_version,
FlatpakRunFlags flags,
const char *custom_command,
char *args[],
int n_args,
GCancellable *cancellable,
GError **error)
{
g_autoptr(FlatpakDeploy) runtime_deploy = NULL;
g_autoptr(GFile) app_files = NULL;
g_autoptr(GFile) runtime_files = NULL;
g_autoptr(GFile) app_id_dir = NULL;
g_autofree char *default_runtime = NULL;
g_autofree char *default_command = NULL;
g_autofree char *runtime_ref = NULL;
g_autoptr(GKeyFile) metakey = NULL;
g_autoptr(GKeyFile) runtime_metakey = NULL;
g_autoptr(GPtrArray) argv_array = NULL;
g_autoptr(GArray) fd_array = NULL;
g_autoptr(GPtrArray) real_argv_array = NULL;
g_auto(GStrv) envp = NULL;
const char *command = "/bin/sh";
g_autoptr(GError) my_error = NULL;
g_auto(GStrv) runtime_parts = NULL;
int i;
g_autofree char *app_info_path = NULL;
g_autoptr(FlatpakContext) app_context = NULL;
g_autoptr(FlatpakContext) overrides = NULL;
g_auto(GStrv) app_ref_parts = NULL;
app_ref_parts = flatpak_decompose_ref (app_ref, error);
if (app_ref_parts == NULL)
return FALSE;
argv_array = g_ptr_array_new_with_free_func (g_free);
fd_array = g_array_new (FALSE, TRUE, sizeof (int));
g_array_set_clear_func (fd_array, clear_fd);
if (app_deploy == NULL)
{
g_assert (g_str_has_prefix (app_ref, "runtime/"));
default_runtime = g_strdup (app_ref + strlen ("runtime/"));
}
else
{
metakey = flatpak_deploy_get_metadata (app_deploy);
default_runtime = g_key_file_get_string (metakey, "Application",
(flags & FLATPAK_RUN_FLAG_DEVEL) != 0 ? "sdk" : "runtime",
&my_error);
if (my_error)
{
g_propagate_error (error, g_steal_pointer (&my_error));
return FALSE;
}
}
runtime_parts = g_strsplit (default_runtime, "/", 0);
if (g_strv_length (runtime_parts) != 3)
return flatpak_fail (error, "Wrong number of components in runtime %s", default_runtime);
if (custom_runtime)
{
g_auto(GStrv) custom_runtime_parts = g_strsplit (custom_runtime, "/", 0);
for (i = 0; i < 3 && custom_runtime_parts[i] != NULL; i++)
{
if (strlen (custom_runtime_parts[i]) > 0)
{
g_free (runtime_parts[i]);
runtime_parts[i] = g_steal_pointer (&custom_runtime_parts[i]);
}
}
}
if (custom_runtime_version)
{
g_free (runtime_parts[2]);
runtime_parts[2] = g_strdup (custom_runtime_version);
}
runtime_ref = flatpak_compose_ref (FALSE,
runtime_parts[0],
runtime_parts[2],
runtime_parts[1],
error);
if (runtime_ref == NULL)
return FALSE;
runtime_deploy = flatpak_find_deploy_for_ref (runtime_ref, cancellable, error);
if (runtime_deploy == NULL)
return FALSE;
runtime_metakey = flatpak_deploy_get_metadata (runtime_deploy);
app_context = compute_permissions (metakey, runtime_metakey, error);
if (app_context == NULL)
return FALSE;
if (app_deploy != NULL)
{
overrides = flatpak_deploy_get_overrides (app_deploy);
flatpak_context_merge (app_context, overrides);
}
if (extra_context)
flatpak_context_merge (app_context, extra_context);
runtime_files = flatpak_deploy_get_files (runtime_deploy);
if (app_deploy != NULL)
{
app_files = flatpak_deploy_get_files (app_deploy);
if ((app_id_dir = flatpak_ensure_data_dir (app_ref_parts[1], cancellable, error)) == NULL)
return FALSE;
}
envp = g_get_environ ();
envp = flatpak_run_apply_env_default (envp);
envp = flatpak_run_apply_env_vars (envp, app_context);
if (app_id_dir != NULL)
envp = flatpak_run_apply_env_appid (envp, app_id_dir);
add_args (argv_array,
"--ro-bind", flatpak_file_get_path_cached (runtime_files), "/usr",
"--lock-file", "/usr/.ref",
NULL);
if (app_files != NULL)
add_args (argv_array,
"--ro-bind", flatpak_file_get_path_cached (app_files), "/app",
"--lock-file", "/app/.ref",
NULL);
else
add_args (argv_array,
"--dir", "/app",
NULL);
if (app_context->features & FLATPAK_CONTEXT_FEATURE_DEVEL)
flags |= FLATPAK_RUN_FLAG_DEVEL;
if (app_context->features & FLATPAK_CONTEXT_FEATURE_MULTIARCH)
flags |= FLATPAK_RUN_FLAG_MULTIARCH;
if (!flatpak_run_setup_base_argv (argv_array, fd_array, runtime_files, app_id_dir, app_ref_parts[2], flags, error))
return FALSE;
if (!flatpak_run_add_app_info_args (argv_array, fd_array, app_files, runtime_files, app_ref_parts[1], app_ref_parts[3],
runtime_ref, app_context, &app_info_path, error))
return FALSE;
if (metakey != NULL &&
!flatpak_run_add_extension_args (argv_array, &envp, metakey, app_ref, cancellable, error))
return FALSE;
if (!flatpak_run_add_extension_args (argv_array, &envp, runtime_metakey, runtime_ref, cancellable, error))
return FALSE;
add_document_portal_args (argv_array, app_ref_parts[1]);
if (!flatpak_run_add_environment_args (argv_array, fd_array, &envp,
app_info_path, flags,
app_ref_parts[1], app_context, app_id_dir, cancellable, error))
return FALSE;
flatpak_run_add_journal_args (argv_array);
add_font_path_args (argv_array);
add_args (argv_array,
/* Not in base, because we don't want this for flatpak build */
"--symlink", "/app/lib/debug/source", "/run/build",
"--symlink", "/usr/lib/debug/source", "/run/build-runtime",
NULL);
if (custom_command)
{
command = custom_command;
}
else if (metakey)
{
default_command = g_key_file_get_string (metakey, "Application", "command", &my_error);
if (my_error)
{
g_propagate_error (error, g_steal_pointer (&my_error));
return FALSE;
}
command = default_command;
}
real_argv_array = g_ptr_array_new_with_free_func (g_free);
g_ptr_array_add (real_argv_array, g_strdup (flatpak_get_bwrap ()));
{
gsize len;
int arg_fd;
g_autofree char *arg_fd_str = NULL;
g_autofree char *args = join_args (argv_array, &len);
arg_fd = create_tmp_fd (args, len, error);
if (arg_fd < 0)
return FALSE;
arg_fd_str = g_strdup_printf ("%d", arg_fd);
g_array_append_val (fd_array, arg_fd);
add_args (real_argv_array,
"--args", arg_fd_str,
NULL);
}
g_ptr_array_add (real_argv_array, g_strdup (command));
for (i = 0; i < n_args; i++)
g_ptr_array_add (real_argv_array, g_strdup (args[i]));
g_ptr_array_add (real_argv_array, NULL);
if ((flags & FLATPAK_RUN_FLAG_BACKGROUND) != 0)
{
if (!g_spawn_async (NULL,
(char **) real_argv_array->pdata,
envp,
G_SPAWN_SEARCH_PATH,
child_setup, fd_array,
NULL,
error))
return FALSE;
}
else
{
if (execvpe (flatpak_get_bwrap (), (char **) real_argv_array->pdata, envp) == -1)
{
g_set_error_literal (error, G_IO_ERROR, g_io_error_from_errno (errno),
_("Unable to start app"));
return FALSE;
}
/* Not actually reached... */
}
return TRUE;
}
Reference in New Issue View Git Blame Copy Permalink