context: Show a warning when --filesystem exists but can't be shared

If the user gives us a override or command-line argument that we cannot
obey, like --filesystem=/usr/share/whatever or
--filesystem=/run/flatpak/whatever, then it's confusing that we silently
ignore it. We should give them an opportunity to see that their override
was ineffective.

However, there are a few situations where we still want to keep quiet.
If there is a --filesystem argument for something that simply doesn't
exist, we don't diagnose the failure to share it: that avoids creating
unnecessary noise for apps that opportunistically share locations that
might or might not exist, like the way the Steam app on Flathub asks
for access to $XDG_RUNTIME_DIR/app/com.discordapp.Discord.

Similarly, if we have been asked for --filesystem=host, the root
directory is very likely to contain symlinks into a reserved path, like
/lib -> usr/lib. We don't need a user-visible warning for that.

We actually use the equivalent of g_message() rather than g_warning(),
to avoid this being fatal during unit testing (in particular when we
do a `flatpak info` on an app that has never been run, which will
be unable to share its `.var/app` subdirectory). `app/flatpak-main.c`
currently displays them as equivalent to each other anyway.

Signed-off-by: Simon McVittie <smcv@collabora.com>

1 files changed, 29 insertions, 4 deletions

diff --git a/common/flatpak-context.c b/common/flatpak-context.c
index 89217829..9a8413b9 100644
--- a/common/flatpak-context.c
+++ b/common/flatpak-context.c
@@ -2462,18 +2462,34 @@ log_cannot_export_error (FlatpakFilesystemMode  mode,
                          const char            *path,
                          const GError          *error)
 {
+  GLogLevelFlags level = G_LOG_LEVEL_MESSAGE;
+
+  /* By default we don't show a log message if the reason we are not sharing
+   * something with the sandbox is simply "it doesn't exist" (or something
+   * very close): otherwise it would be very noisy to launch apps that
+   * opportunistically share things they might benefit from, like Steam
+   * having access to $XDG_RUNTIME_DIR/app/com.discordapp.Discord if it
+   * happens to exist. */
+  if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND))
+    level = G_LOG_LEVEL_INFO;
+  /* Some callers specifically suppress warnings for particular errors
+   * by setting this code. */
+  else if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_FAILED_HANDLED))
+    level = G_LOG_LEVEL_INFO;
+
   switch (mode)
     {
       case FLATPAK_FILESYSTEM_MODE_NONE:
-        g_debug ("Not replacing \"%s\" with tmpfs: %s",
-                 path, error->message);
+        g_log (G_LOG_DOMAIN, level, _("Not replacing \"%s\" with tmpfs: %s"),
+               path, error->message);
         break;
 
       case FLATPAK_FILESYSTEM_MODE_CREATE:
       case FLATPAK_FILESYSTEM_MODE_READ_ONLY:
       case FLATPAK_FILESYSTEM_MODE_READ_WRITE:
-        g_debug ("Not sharing \"%s\" with sandbox: %s",
-                 path, error->message);
+        g_log (G_LOG_DOMAIN, level,
+               _("Not sharing \"%s\" with sandbox: %s"),
+               path, error->message);
         break;
     }
 }
@@ -2521,6 +2537,15 @@ flatpak_context_export (FlatpakContext *context,
 
               if (!flatpak_exports_add_path_expose (exports, fs_mode, path, &local_error))
                 {
+                  /* Failure to share something like /lib32 because it's
+                   * actually a symlink to /usr/lib32 is less of a problem
+                   * here than it would be for an explicit
+                   * --filesystem=/lib32, so the warning that would normally
+                   * be produced in that situation is downgraded to a
+                   * debug message. */
+                  if (g_error_matches (local_error, G_IO_ERROR, G_IO_ERROR_NOT_MOUNTABLE_FILE))
+                    local_error->code = G_IO_ERROR_FAILED_HANDLED;
+
                   log_cannot_export_error (fs_mode, path, local_error);
                   g_clear_error (&local_error);
                 }