-
-
Notifications
You must be signed in to change notification settings - Fork 389
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Test whether sysfs mountpoints are accessible before mounting them #5697
base: main
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This could probably be using --ro-bind-try
, as is done for /proc/self/ns/user
adjacent to the lines you deleted?
I thought so too @smcv , but when I tested this with |
Please could you say more in the commit message about precisely what "access to /sys/ is blocked" means in the system you're targeting? (chmod 0700 on I'd prefer not to be making this work accidentally, in a way that depends on implementation details and is fragile against future changes.
If your actual goal is to deal with locked-down systems where access to these directories doesn't work, then It's also worth noting that applications do rely on access to these directories (for example SDL uses |
00c7cec
to
572d2a8
Compare
In a restrictive environment where access to /sys/ is blocked by file permissions (chmod 0700 /sys), flatpak should not depend on sysfs as discussed in issue flatpak#5138
Thanks for your feedback @smcv , I have made changes as suggested. |
In a restrictive environment where access to /sys/ is blocked to regular users, flatpak should not depend on sysfs as discussed in issue #5138