From 3332ae21f27559f69bd631cdb845bb81613bd45e Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Thu, 24 Dec 2020 08:24:40 -0800
Subject: Use unix sockets instead of abstract sockets

Quoting Michael Catanzaro:

> Secure host services must not use abstract sockets.
>
>  - If your sandboxed application uses --share=net to access the host
>    network namespace, which is required for internet access, then it
>    gets access to all the host's abstract sockets as well. Loads of
>    sandboxed applications necessarily have to use --share=net.
>
>  - If your sandboxed application does not use --share=net, it cannot
>    access any host abstract sockets.

This also requires bumping the minimum glib version to 2.62.
---
 bus/accessibility.conf.in | 2 +-
 meson.build               | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/bus/accessibility.conf.in b/bus/accessibility.conf.in
index 31b6a792..79c51464 100644
--- a/bus/accessibility.conf.in
+++ b/bus/accessibility.conf.in
@@ -6,7 +6,7 @@
 <servicedir>@DATADIR@/dbus-1/accessibility-services</servicedir>
   <auth>EXTERNAL</auth>
 
-  <listen>unix:tmpdir=/tmp</listen>
+  <listen>unix:dir=/tmp</listen>
 
   <policy context="default">
     <!-- Allow root to connect -->
diff --git a/meson.build b/meson.build
index 73bfe7db..0b2474bf 100644
--- a/meson.build
+++ b/meson.build
@@ -44,7 +44,7 @@ endif
 
 # Dependencies
 libdbus_req_version = '>= 1.5'
-glib_req_version = '>= 2.32.0'
+glib_req_version = '>= 2.62.0'
 gobject_req_version = '>= 2.0.0'
 gio_req_version = '>= 2.28.0'
 
-- 
cgit v1.2.1