author | Matthias Clasen <mclasen@redhat.com> | 2015-02-09 13:23:07 +0100 |
---|---|---|
committer | Matthias Clasen <mclasen@redhat.com> | 2015-02-09 13:24:19 +0100 |
commit | c07e917b5db5464a32fa2b725ff3fe4d99ae149e (patch) | |
tree | 78aa71d9418eb6b326a2fe1f388ba96454271003 | |
parent | f4b9af3a4092e97e0bec5540b81e7bdb4be6df3b (diff) | |
download | flatpak-c07e917b5db5464a32fa2b725ff3fe4d99ae149e.tar.gz |
Add --allow option to the run command
Allow fully overriding the environment settings from the
application metadata. This can be useful for testing.
-rwxr-xr-x | completion/xdg-app | 2 | ||||
-rw-r--r-- | doc/xdg-app-run.xml | 24 | ||||
-rw-r--r-- | xdg-app-builtins-run.c | 32 |
3 files changed, 43 insertions, 15 deletions
diff --git a/completion/xdg-app b/completion/xdg-app
index 949063dc..e650272a 100755
--- a/completion/xdg-app
+++ b/completion/xdg-app
@@ -28,7 +28,7 @@ _xdg-app() {
 [LIST_REMOTES]='--show-urls'
 [REPO_CONTENTS]='--show-details --runtimes --apps --update'
 [UNINSTALL]='--keep-ref'
- [RUN]='--command --branch --devel --forbid --runtime'
+ [RUN]='--command --branch --devel --allow --forbid --runtime'
 [BUILD_INIT]='--arch --var'
 [BUILD]='--runtime --network --x11'
 [BUILD_FINISH]='--command --allow'
diff --git a/doc/xdg-app-run.xml b/doc/xdg-app-run.xml
index 8ef3db6e..f5a52b72 100644
--- a/doc/xdg-app-run.xml
+++ b/doc/xdg-app-run.xml
@@ -53,9 +53,9 @@
 </para>
 <para>
 The details of the sandboxed environment are controlled by the application
- metadata and the --forbid option that are passed to the run command: Access
- is allowed if the application requested it in its metadata file and the
- user hasn;t forbidden it.
+ metadata and the --allow and --forbid options that are passed to the run
+ command: Access is allowed if it was requested either in the application
+ metadata file or with an --allow option and the user hasn;t forbidden it.
 </para>
 </refsect1>
@@ -117,11 +117,25 @@
 </varlistentry>
 <varlistentry>
+ <term><option>--allow=KEY</option></term>
+
+ <listitem><para>
+ Allow access to the named facility. This overrides
+ the Environment section from the application metadata.
+ KEY must be one of: x11, wayland, ipc, pulseaudio, system-dbus,
+ session-dbus, network, host-fs, homedir.
+ This option can be used multiple times.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
 <term><option>--forbid=KEY</option></term>
 <listitem><para>
- Disallow access to the named facility. KEY must
- be one of: x11, wayland, ipc, pulseaudio, system-dbus,
+ Disallow access to the named facility. This overrides the
+ Environment section from the application metadata and
+ --allow options to this command.
+ KEY must be one of: x11, wayland, ipc, pulseaudio, system-dbus,
 session-dbus, network, host-fs, homedir.
 This option can be used multiple times.
 </para></listitem>
diff --git a/xdg-app-builtins-run.c b/xdg-app-builtins-run.c
index c6868204..ed85cb3b 100644
--- a/xdg-app-builtins-run.c
+++ b/xdg-app-builtins-run.c
@@ -17,6 +17,7 @@ static char *opt_branch;
 static char *opt_command;
 static gboolean opt_devel;
 static char *opt_runtime;
+static char **opt_allow;
 static char **opt_forbid;
 static GOptionEntry options[] = {
@@ -25,6 +26,7 @@ static GOptionEntry options[] = {
 { "branch", 0, 0, G_OPTION_ARG_STRING, &opt_branch, "Branch to use", "BRANCH" },
 { "devel", 'd', 0, G_OPTION_ARG_NONE, &opt_devel, "Use development runtime", NULL },
 { "runtime", 0, 0, G_OPTION_ARG_STRING, &opt_runtime, "Runtime to use", "RUNTIME" },
+ { "allow", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_allow, "Environment options to set to true", "KEY" },
 { "forbid", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_forbid, "Environment options to set to false", "KEY" },
 { NULL }
 };
@@ -267,6 +269,7 @@ xdg_app_builtin_run (int argc, char **argv, GCancellable *cancellable, GError **
 "network", "host-fs", "homedir", NULL };
 const char *no_opts[1] = { NULL };
+ const char **allow;
 const char **forbid;
 context = g_option_context_new ("APP [args...] - Run an app");
@@ -419,35 +422,46 @@ xdg_app_builtin_run (int argc, char **argv, GCancellable *cancellable, GError **
 goto out;
 }
- if (g_key_file_get_boolean (metakey, "Environment", "ipc", NULL) &&
+ if (opt_allow)
+ allow = (const char **)opt_allow;
+ else
+ allow = no_opts;
+
+ if ((key = g_strv_subset (environment_keys, allow)) != NULL)
+ {
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Unknown Environment key %s", key);
+ goto out;
+ }
+
+ if ((g_key_file_get_boolean (metakey, "Environment", "ipc", NULL) || g_strv_contains (allow, "ipc")) &&
 !g_strv_contains (forbid, "ipc"))
 {
 g_debug ("Allowing ipc access");
 g_ptr_array_add (argv_array, g_strdup ("-i"));
 }
- if (g_key_file_get_boolean (metakey, "Environment", "host-fs", NULL) &&
+ if ((g_key_file_get_boolean (metakey, "Environment", "host-fs", NULL) || g_strv_contains (allow, "nost-fs")) &&
 !g_strv_contains (forbid, "host-fs"))
 {
 g_debug ("Allowing host-fs access");
 g_ptr_array_add (argv_array, g_strdup ("-f"));
 }
- if (g_key_file_get_boolean (metakey, "Environment", "homedir", NULL) &&
+ if ((g_key_file_get_boolean (metakey, "Environment", "homedir", NULL) || g_strv_contains (allow, "homedir")) &&
 !g_strv_contains (forbid, "homedir"))
 {
 g_debug ("Allowing homedir access");
 g_ptr_array_add (argv_array, g_strdup ("-H"));
 }
- if (g_key_file_get_boolean (metakey, "Environment", "network", NULL) &&
+ if ((g_key_file_get_boolean (metakey, "Environment", "network", NULL) || g_strv_contains (allow, "network")) &&
 !g_strv_contains (forbid, "network"))
 {
 g_debug ("Allowing network access");
 g_ptr_array_add (argv_array, g_strdup ("-n"));
 }
- if (g_key_file_get_boolean (metakey, "Environment", "x11", NULL) &&
+ if ((g_key_file_get_boolean (metakey, "Environment", "x11", NULL) || g_strv_contains (allow, "x11")) &&
 !g_strv_contains (forbid, "x11"))
 {
 g_debug ("Allowing x11 access");
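Review bot: The host-fs branch checks the wrong key: the new condition reads `g_strv_contains (allow, "nost-fs")`, so `--allow=host-fs` passes the `g_strv_subset` validation against `environment_keys` (where the key is spelled correctly) but never actually grants host-fs access; the line should be `g_strv_contains (allow, "host-fs")`. The other seven facilities in this and the following hunk use the correct spelling, which makes this one easy to miss without a test that exercises each key of `--allow` once. Since the per-facility string appears three times per block (the metadata lookup, the allow lookup and the forbid lookup), a small helper taking the key once, for example `static gboolean facility_enabled (GKeyFile *metakey, const char **allow, const char **forbid, const char *key)`, would make this class of typo impossible; that would be a follow-up rather than part of this commit. The enclosing function xdg_app_builtin_run starts and ends outside this hunk.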
@@ -458,28 +472,28 @@ xdg_app_builtin_run (int argc, char **argv, GCancellable *cancellable, GError **
 xdg_app_run_add_no_x11_args (argv_array);
 }
- if (g_key_file_get_boolean (metakey, "Environment", "wayland", NULL) &&
+ if ((g_key_file_get_boolean (metakey, "Environment", "wayland", NULL) || g_strv_contains (allow, "wayland")) &&
 !g_strv_contains (forbid, "wayland"))
 {
 g_debug ("Allowing wayland access");
 xdg_app_run_add_wayland_args (argv_array);
 }
- if (g_key_file_get_boolean (metakey, "Environment", "pulseaudio", NULL) &&
+ if ((g_key_file_get_boolean (metakey, "Environment", "pulseaudio", NULL) || g_strv_contains (allow, "pulseaudio")) &&
 !g_strv_contains (forbid, "pulseaudio"))
 {
 g_debug ("Allowing pulseaudio access");
 xdg_app_run_add_pulseaudio_args (argv_array);
 }
- if (g_key_file_get_boolean (metakey, "Environment", "system-dbus", NULL) &&
+ if ((g_key_file_get_boolean (metakey, "Environment", "system-dbus", NULL) || g_strv_contains (allow, "system-dbus")) &&
 !g_strv_contains (forbid, "system-dbus"));
 {
 g_debug ("Allowing system-dbus access");
 xdg_app_run_add_system_dbus_args (argv_array);
 }
- if (g_key_file_get_boolean (metakey, "Environment", "session-dbus", NULL) &&
+ if ((g_key_file_get_boolean (metakey, "Environment", "session-dbus", NULL) || g_strv_contains (allow, "session-dbus")) &&
 !g_strv_contains (forbid, "session-dbus"))
 {
 g_debug ("Allowing session-dbus access"); |
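Review bot: The system-dbus condition is followed by a stray semicolon on the context line `!g_strv_contains (forbid, "system-dbus"));`, so the `if` governs an empty statement and the block that calls `xdg_app_run_add_system_dbus_args (argv_array)` runs unconditionally, whatever the metadata, `--allow` or `--forbid` say. This is pre-existing rather than introduced here, but the commit rewrites the line directly above it and is the natural place to drop the semicolon: `!g_strv_contains (forbid, "system-dbus"))`. Until that is fixed, `--forbid=system-dbus` has no effect and the manual page's description of `--forbid` does not hold for this facility, which matters more now that the sandbox can also be widened from the command line; a compiler warning such as GCC's `-Wempty-body` would flag this pattern. The enclosing function xdg_app_builtin_run starts and ends outside this hunk.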