Refresh gssproxy patch to use new socket path

Michael Catanzaro 2022-09-15 09:05:41 -05:00
parent cd6b3508dc
commit 90828d355f
2 changed files with 19 additions and 12 deletions


@ -1,4 +1,4 @@
From 66dec57ed23421c153af4eae36d2c3ca8501e380 Mon Sep 17 00:00:00 2001 From b9f4200b9674638ee2879db568e30219e81d5ed8 Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@redhat.com> From: Michael Catanzaro <mcatanzaro@redhat.com>
Date: Thu, 12 May 2022 12:44:59 -0500 Date: Thu, 12 May 2022 12:44:59 -0500
Subject: [PATCH 1/2] Bind gssproxy socket into sandbox environment Subject: [PATCH 1/2] Bind gssproxy socket into sandbox environment
@ -18,10 +18,10 @@ See also: https://github.com/gssapi/gssproxy/issues/45
1 file changed, 17 insertions(+), 1 deletion(-) 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/common/flatpak-run.c b/common/flatpak-run.c diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index e4391019a0..adf54ed474 100644 index bf85f47c..3ec007cf 100644
--- a/common/flatpak-run.c --- a/common/flatpak-run.c
+++ b/common/flatpak-run.c +++ b/common/flatpak-run.c
@@ -923,6 +923,19 @@ flatpak_run_add_pulseaudio_args (FlatpakBwrap *bwrap, @@ -955,6 +955,19 @@ flatpak_run_add_pulseaudio_args (FlatpakBwrap *bwrap,
flatpak_bwrap_add_args (bwrap, "--dev-bind", "/dev/snd", "/dev/snd", NULL); flatpak_bwrap_add_args (bwrap, "--dev-bind", "/dev/snd", "/dev/snd", NULL);
} }
@ -32,16 +32,16 @@ index e4391019a0..adf54ed474 100644
+ * not intended to be exposed to sandboxed environments. + * not intended to be exposed to sandboxed environments.
+ */ + */
+ g_autofree char *gssproxy_host_dir = g_build_filename (g_get_user_runtime_dir (), "gssproxy", NULL); + g_autofree char *gssproxy_host_dir = g_build_filename (g_get_user_runtime_dir (), "gssproxy", NULL);
+ const char *gssproxy_sandboxed_dir = "/var/lib/gssproxy/"; + const char *gssproxy_sandboxed_dir = "/run/flatpak/gssproxy/";
+ +
+ if (g_file_test (gssproxy_host_dir, G_FILE_TEST_EXISTS)) + if (g_file_test (gssproxy_host_dir, G_FILE_TEST_EXISTS))
+ flatpak_bwrap_add_args (bwrap, "--bind", gssproxy_host_dir, gssproxy_sandboxed_dir, NULL); + flatpak_bwrap_add_args (bwrap, "--ro-bind", gssproxy_host_dir, gssproxy_sandboxed_dir, NULL);
+} +}
+ +
static void static void
flatpak_run_add_resolved_args (FlatpakBwrap *bwrap) flatpak_run_add_resolved_args (FlatpakBwrap *bwrap)
{ {
@@ -4560,7 +4573,10 @@ flatpak_run_app (FlatpakDecomposed *app_ref, @@ -4611,7 +4624,10 @@ flatpak_run_app (FlatpakDecomposed *app_ref,
} }
if ((app_context->shares & FLATPAK_CONTEXT_SHARED_NETWORK) != 0) if ((app_context->shares & FLATPAK_CONTEXT_SHARED_NETWORK) != 0)
@ -53,8 +53,10 @@ index e4391019a0..adf54ed474 100644
flatpak_run_add_journal_args (bwrap); flatpak_run_add_journal_args (bwrap);
add_font_path_args (bwrap); add_font_path_args (bwrap);
--
2.37.3
From d9f214ed47fba50daa433ce6145acd93f56bc781 Mon Sep 17 00:00:00 2001 From 9e32923a46ffd336dffc4fa7c7a1ee05ae2d39ae Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@redhat.com> From: Michael Catanzaro <mcatanzaro@redhat.com>
Date: Mon, 23 May 2022 09:59:48 -0500 Date: Mon, 23 May 2022 09:59:48 -0500
Subject: [PATCH 2/2] Block KRB5CCNAME from inheriting into sandbox Subject: [PATCH 2/2] Block KRB5CCNAME from inheriting into sandbox
@ -77,10 +79,10 @@ host.
2 files changed, 4 insertions(+), 1 deletion(-) 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/common/flatpak-run.c b/common/flatpak-run.c diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index adf54ed474..e689920a08 100644 index 3ec007cf..b650be46 100644
--- a/common/flatpak-run.c --- a/common/flatpak-run.c
+++ b/common/flatpak-run.c +++ b/common/flatpak-run.c
@@ -1850,7 +1850,8 @@ static const ExportData default_exports[] = { @@ -1887,7 +1887,8 @@ static const ExportData default_exports[] = {
{"XDG_RUNTIME_DIR", NULL}, {"XDG_RUNTIME_DIR", NULL},
/* Some env vars are common enough and will affect the sandbox badly /* Some env vars are common enough and will affect the sandbox badly
@ -90,7 +92,7 @@ index adf54ed474..e689920a08 100644
{"PYTHONPATH", NULL}, {"PYTHONPATH", NULL},
{"PERLLIB", NULL}, {"PERLLIB", NULL},
{"PERL5LIB", NULL}, {"PERL5LIB", NULL},
@@ -1867,6 +1868,7 @@ static const ExportData default_exports[] = { @@ -1904,6 +1905,7 @@ static const ExportData default_exports[] = {
{"GST_PTP_HELPER", NULL}, {"GST_PTP_HELPER", NULL},
{"GST_PTP_HELPER_1_0", NULL}, {"GST_PTP_HELPER_1_0", NULL},
{"GST_INSTALL_PLUGINS_HELPER", NULL}, {"GST_INSTALL_PLUGINS_HELPER", NULL},
@ -99,7 +101,7 @@ index adf54ed474..e689920a08 100644
static const ExportData no_ld_so_cache_exports[] = { static const ExportData no_ld_so_cache_exports[] = {
diff --git a/doc/flatpak-run.xml b/doc/flatpak-run.xml diff --git a/doc/flatpak-run.xml b/doc/flatpak-run.xml
index f8d9e5eecd..4dc0b53149 100644 index e1aa5e1c..77cd3ad0 100644
--- a/doc/flatpak-run.xml --- a/doc/flatpak-run.xml
+++ b/doc/flatpak-run.xml +++ b/doc/flatpak-run.xml
@@ -97,6 +97,7 @@ @@ -97,6 +97,7 @@
@ -110,3 +112,5 @@ index f8d9e5eecd..4dc0b53149 100644
</simplelist> </simplelist>
<para> <para>
Also several environment variables with the prefix "GST_" that are used by gstreamer Also several environment variables with the prefix "GST_" that are used by gstreamer
--
2.37.3
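Review bot: The switch from `--bind` to `--ro-bind` in the gssproxy helper of PATCH 1/2 should carry a comment saying what the read-only mount does and does not protect. It stops the sandbox from creating, replacing or removing entries in the host's `$XDG_RUNTIME_DIR/gssproxy`, but as far as I can tell a Unix socket inside a read-only bind can still be connected to, so any app that receives this mount can still talk to the user's gssproxy instance. Something like `/* Read-only: the sandbox may connect to the socket but must not modify the host directory. */` above the `flatpak_bwrap_add_args` call would make that explicit. Separately, `G_FILE_TEST_EXISTS` also accepts a non-directory at that path; `g_file_test (gssproxy_host_dir, G_FILE_TEST_IS_DIR)` would be the tighter guard. The start of the helper and its call site are collapsed out of this view, so the condition that gates the mount (it appears to sit near the `FLATPAK_CONTEXT_SHARED_NETWORK` check) should be confirmed against the full patch.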


@ -6,7 +6,7 @@
Name: flatpak Name: flatpak
Version: 1.14.0 Version: 1.14.0
Release: 1%{?dist} Release: 2%{?dist}
Summary: Application deployment framework for desktop apps Summary: Application deployment framework for desktop apps
License: LGPLv2+ License: LGPLv2+
@ -279,6 +279,9 @@ fi
%changelog %changelog
* Thu Sep 15 2022 Michael Catanzaro <mcatanzaro@redhat.com> - 1.14.0-2
- Refresh gssproxy patch to use new socket path
* Wed Sep 07 2022 Kalev Lember <klember@redhat.com> - 1.14.0-1 * Wed Sep 07 2022 Kalev Lember <klember@redhat.com> - 1.14.0-1
- Update to 1.14.0 - Update to 1.14.0