diff options
| author | Alexander Larsson <alexl@redhat.com> | 2019-11-27 11:06:45 +0100 |
|---|---|---|
| committer | Alexander Larsson <alexander.larsson@gmail.com> | 2019-11-27 14:21:25 +0100 |
| commit | 38fecb08d3be6cb2714f53339a51fc850ca83b80 (patch) | |
| tree | 9db384e92bd8c9f413599dfdb1419ccbfa6e83d0 /portal | |
| parent | ae50843851af90bb8c7a9ce3c7478947ee30cd38 (diff) | |
| download | flatpak-38fecb08d3be6cb2714f53339a51fc850ca83b80.tar.gz | |
portal: Add supports flag and set a bit if EXPOSE_PIDS is supported
We can only support this if the host bwrap is not setuid (at least for
now). This allows callers to detect this case ahead of time. We also
detect this case when called and return a better error code that
can be detected.
Diffstat (limited to 'portal')
| -rw-r--r-- | portal/flatpak-portal.c | 35 | ||||
| -rw-r--r-- | portal/flatpak-portal.h | 5 |
2 files changed, 37 insertions, 3 deletions
diff --git a/portal/flatpak-portal.c b/portal/flatpak-portal.c index e395c7d1..93cdd9d4 100644 --- a/portal/flatpak-portal.c +++ b/portal/flatpak-portal.c @@ -60,6 +60,7 @@ static GMainLoop *main_loop; static PortalFlatpak *portal; static gboolean opt_verbose; static int opt_poll_timeout; +static FlatpakSpawnSupportFlags supports = 0; G_LOCK_DEFINE (update_monitors); /* This protects the three variables below */ static GHashTable *update_monitors; @@ -789,10 +790,20 @@ handle_spawn (PortalFlatpak *object, expose_pids = (arg_flags & FLATPAK_SPAWN_FLAGS_EXPOSE_PIDS) != 0; if (expose_pids) { + g_autofree char *instance_id = NULL; int sender_pid1 = 0; - g_autofree char *instance_id = g_key_file_get_string (app_info, - FLATPAK_METADATA_GROUP_INSTANCE, - FLATPAK_METADATA_KEY_INSTANCE_ID, NULL); + + if (!(supports & FLATPAK_SPAWN_SUPPORT_FLAGS_EXPOSE_PIDS)) + { + g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, + G_DBUS_ERROR_NOT_SUPPORTED, + "Expose pids not supported"); + return TRUE; + } + + instance_id = g_key_file_get_string (app_info, + FLATPAK_METADATA_GROUP_INSTANCE, + FLATPAK_METADATA_KEY_INSTANCE_ID, NULL); if (instance_id) { @@ -2288,6 +2299,19 @@ name_owner_changed (GDBusConnection *connection, #define DBUS_INTERFACE_DBUS DBUS_NAME_DBUS #define DBUS_PATH_DBUS "/org/freedesktop/DBus" +static gboolean +supports_expose_pids (void) +{ + const char *path = g_find_program_in_path (flatpak_get_bwrap ()); + struct stat st; + + /* This is supported only if bwrap exists and is not setuid */ + return + path != NULL && + stat (path, &st) == 0 && + (st.st_mode & S_ISUID) == 0; +} + static void on_bus_acquired (GDBusConnection *connection, const gchar *name, @@ -2325,6 +2349,8 @@ on_bus_acquired (GDBusConnection *connection, G_DBUS_INTERFACE_SKELETON_FLAGS_HANDLE_METHOD_INVOCATIONS_IN_THREAD); portal_flatpak_set_version (PORTAL_FLATPAK (portal), 3); + portal_flatpak_set_supports (PORTAL_FLATPAK (portal), supports); + g_signal_connect (portal, "handle-spawn", G_CALLBACK (handle_spawn), NULL); g_signal_connect (portal, "handle-spawn-signal", G_CALLBACK (handle_spawn_signal), NULL); g_signal_connect (portal, "handle-create-update-monitor", G_CALLBACK (handle_create_update_monitor), NULL); @@ -2486,6 +2512,9 @@ main (int argc, flatpak_connection_track_name_owners (session_bus); + if (supports_expose_pids ()) + supports |= FLATPAK_SPAWN_SUPPORT_FLAGS_EXPOSE_PIDS; + flags = G_BUS_NAME_OWNER_FLAGS_ALLOW_REPLACEMENT; if (replace) flags |= G_BUS_NAME_OWNER_FLAGS_REPLACE; diff --git a/portal/flatpak-portal.h b/portal/flatpak-portal.h index 142160eb..c03dbd9e 100644 --- a/portal/flatpak-portal.h +++ b/portal/flatpak-portal.h @@ -38,6 +38,11 @@ typedef enum { FLATPAK_SPAWN_SANDBOX_FLAGS_ALLOW_A11Y = 1 << 4, } FlatpakSpawnSandboxFlags; + +typedef enum { + FLATPAK_SPAWN_SUPPORT_FLAGS_EXPOSE_PIDS = 1 << 0, +} FlatpakSpawnSupportFlags; + #define FLATPAK_SPAWN_FLAGS_ALL (FLATPAK_SPAWN_FLAGS_CLEAR_ENV | \ FLATPAK_SPAWN_FLAGS_LATEST_VERSION | \ FLATPAK_SPAWN_FLAGS_SANDBOX | \ |