Skip to content
Permalink
Browse files
[Flatpak SDK] Sandbox access to pipewire socket
https://bugs.webkit.org/show_bug.cgi?id=240338

Patch by Philippe Normand <pnormand@igalia.com> on 2022-05-13
Reviewed by Adrian Perez de Castro.

Starting from version 0.5 of Bubblewrap bind mounts behavior slightly changed. Without this
patch the pipewire socket wouldn't be available from the default XDG runtime directory.

* flatpak/webkit-bwrap:

Canonical link: https://commits.webkit.org/250520@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@294150 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  • Loading branch information
philn authored and webkit-commit-queue committed May 13, 2022
1 parent 43fa8f3 commit b74a495a40f8b6d9aab4eed9f1c794714b7efe30
Showing with 17 additions and 3 deletions.
  1. +12 −0 Tools/ChangeLog
  2. +5 −3 Tools/flatpak/webkit-bwrap
@@ -1,3 +1,15 @@
2022-05-12 Philippe Normand <philn@igalia.com>

[Flatpak SDK] Sandbox access to pipewire socket
https://bugs.webkit.org/show_bug.cgi?id=240338

Reviewed by Adrian Perez de Castro.

Starting from version 0.5 of Bubblewrap bind mounts behavior slightly changed. Without this
patch the pipewire socket wouldn't be available from the default XDG runtime directory.

* flatpak/webkit-bwrap:

2022-05-12 Alex Christensen <achristensen@webkit.org>

Make if-domain and unless-domain regexes only look at URL hosts
@@ -88,12 +88,14 @@ def main(args: list) -> int:
if coredumps_dir:
try_bind_mounts[coredumps_dir] = coredumps_dir

bwrap_args = ["bwrap", ]

xdg_runtime_dir = environ.get("XDG_RUNTIME_DIR")
if xdg_runtime_dir:
pw_socket = os.path.join(xdg_runtime_dir, "pipewire-0")
try_bind_mounts[pw_socket] = pw_socket
pipewire_runtime_dir = "/host/xdg-runtime"
bwrap_args.extend(("--ro-bind-try", xdg_runtime_dir, pipewire_runtime_dir,
"--setenv", "PIPEWIRE_RUNTIME_DIR", pipewire_runtime_dir))

bwrap_args = ["bwrap", ]
for dst, src in bind_mounts.items():
bwrap_args.extend(("--bind", src, dst))

0 comments on commit b74a495

Please sign in to comment.