flatpak / flatpak-xdg-utils

Simple portal-based commandline tools for use inside flatpak sandboxes
GNU Lesser General Public License v2.1

Support new sandbox portal features #24

Closed alexlarsson closed 4 years ago

alexlarsson commented 4 years ago

This adds support for the new sandbox-flags and expose-fd[-ro] features in flatpak.

These are currently being handled here: https://github.com/flatpak/flatpak/pull/3248 and this should not be merged until that lands.

TingPing commented 4 years ago

Is the opt_no_documents_portal flag not exposed?

alexlarsson commented 4 years ago

@TingPing --no-document-portal is on by default for sandboxes, do you want to enable it?

TingPing commented 4 years ago

No that is good.

TingPing commented 4 years ago

This doesn't appear to error when the host doesn't have the new version?

alexlarsson commented 4 years ago

Non-wip now that the feature landed in flatpak.

TingPing commented 4 years ago

The path support doesn't seem to function:

```
touch /tmp/foo
flatpak-spawn --sandbox --sandbox-expose-path-ro=/tmp ls /tmp
# Lists nothing
```

TingPing commented 4 years ago

This triggers a segfault:

```
flatpak-spawn --sandbox --sandbox-expose-path-ro=/home/tingping/.var/app/org.gnome.Epiphany.Devel/data/epiphany --sandbox-expose-path-ro=/home/tingping/.var/app/org.gnome.Epiphany.Devel/cache/epiphany ls
```

Either path alone does not segfault, only having both did it.

```
#0  0x00007ffff7cdf1dd in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#1  0x00007ffff7cdf375 in g_variant_builder_add_value () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007ffff7ce175c in g_variant_builder_add () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
```

TingPing commented 4 years ago

allow-a11y doesn't seem to work out either:

```
(WebKitWebProcess:2): dbind-WARNING **: 15:12:20.045: AT-SPI: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: org.freedesktop.DBus.Error.ServiceUnknown
```

alexlarsson commented 4 years ago

> The path support doesn't seem to function:
>
> ```
> touch /tmp/foo
> flatpak-spawn --sandbox --sandbox-expose-path-ro=/tmp ls /tmp
> # Lists nothing
> ```

This one is problematic. /tmp in the caller is not the same as /tmp on the host, and thus you will not be able to see it in the other sandbox. Try a different path, like so:

```
flatpak-spawn --sandbox --sandbox-expose-path-ro=$XDG_DATA_HOME ls -la $XDG_DATA_HOME
```

It's possible we might be able to special case the /tmp case by some hackery. Is this important?

alexlarsson commented 4 years ago

The variant builder fix @matthiasclasen pointed out fixes the segfault you saw

alexlarsson commented 4 years ago

Unfortunately there was a flatpak bug that also made allow-a11y not work: https://github.com/flatpak/flatpak/pull/3278

TingPing commented 4 years ago

> It's possible we might be able to special case the /tmp case by some hackery. Is this important?

Epiphany requires it to work

alexlarsson commented 4 years ago

@TingPing Hmm, I was trying to fix this by making the new sandbox bind mount the source from /proc/$old/fd/$fd which lets you bind mount the /tmp from the sandboxed namespace. Unfortunately it's all broken by bwrap running realpath() on all input, which resolves the magic proc paths to the real /tmp...

alexlarsson commented 4 years ago

Even with that fixed it seems to fail:

```
24027 mount("oldroot/proc/self/fd/13/", "/newroot/tmp", NULL, MS_BIND|MS_REC, NULL) = -1 EINVAL (Invalid argument)
```
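As an added illustration of the realpath() problem described in the two comments above (this is example code, not part of this PR or of flatpak-xdg-utils): a `/proc/<pid>/fd/<fd>` magic link names a directory through the opener's view of the filesystem, which is what lets the caller's private /tmp be handed to a new sandbox. As soon as something canonicalises that link, all that is left is the plain path string, and the string is then interpreted in whatever mount namespace bwrap happens to be in. The helper names `fd_magic_path`, `resolve_like_bwrap` and `demo` are hypothetical; the script only needs Linux with /proc mounted and returns `None` otherwise.

```python
"""Show that canonicalising a /proc/<pid>/fd/<fd> link discards the
'caller's view' property that a bind mount from it was meant to carry.
Added example; not flatpak or flatpak-xdg-utils code."""
import os
import tempfile
from typing import Optional


def fd_magic_path(fd: int, pid: str = "self") -> str:
    """Build the /proc/<pid>/fd/<fd> magic link for an open directory fd
    (hypothetical helper; mirrors the /proc/$old/fd/$fd idea from the thread)."""
    return f"/proc/{pid}/fd/{fd}"


def resolve_like_bwrap(path: str) -> str:
    """Canonicalise the way an unconditional realpath() on every input does.
    For a magic link this yields the target's path string, not the link."""
    return os.path.realpath(path)


def demo(target: Optional[str] = None) -> Optional[dict]:
    """Open a directory, expose it via its magic link, and report what
    survives canonicalisation. Returns None when /proc is unavailable."""
    if not os.path.isdir("/proc/self/fd"):
        return None
    own_dir = target is None
    if own_dir:
        # Constructed stand-in for a sandbox's private /tmp.
        target = tempfile.mkdtemp(prefix="caller-tmp-")
    fd = os.open(target, os.O_RDONLY | os.O_DIRECTORY)
    try:
        magic = fd_magic_path(fd)
        resolved = resolve_like_bwrap(magic)
        # While the fd is open, the magic link is usable as a path and
        # reaches the very same directory object the caller opened.
        via_magic = os.stat(magic)
        direct = os.stat(target)
        same_inode = (via_magic.st_dev, via_magic.st_ino) == (direct.st_dev, direct.st_ino)
        return {
            "magic": magic,
            "resolved": resolved,
            "target": os.path.realpath(target),
            # False on Linux: realpath() replaced the link with a plain
            # string, so a consumer in another mount namespace now looks
            # up that string in its own /tmp, not the caller's.
            "magic_survives_realpath": resolved.startswith("/proc/"),
            "same_inode": same_inode,
        }
    finally:
        os.close(fd)
        if own_dir:
            os.rmdir(target)


if __name__ == "__main__":
    result = demo()
    if result is None:
        print("/proc not mounted; nothing to show")
    else:
        for key, value in result.items():
            print(f"{key}: {value}")
```

Running it shows `resolved` equal to `target` and `magic_survives_realpath` as `False`: the link was valid and pointed at the right inode, but the canonicalised string carries none of that, which is why a bind mount set up from the resolved name ends up at the host's /tmp rather than the caller's.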