[GTK] D-Bus proxy quietly fails if host bus address is not mounted in xdg-dbus-proxy's sandbox #5136
EWS run on previous version of this PR (hash f575ab0)
f575ab0 to e7e27d6
EWS run on previous version of this PR (hash e7e27d6)
Sorry, long day at work, I meant to ask if this was applied on top of 5011 (but you already answered me) ;)
hm, now it just hangs instead (including no ctrl-c response)
Same as nekopsykose
That's because
What is the bind command you used?
I verified that oreo's additional patch for bubblewrap once again made Epiphany load with 5136.patch
Looks like the accessibility API tests actually caught that mistake, but I didn't notice because the tests are so flaky that I never bother to even look at the test failures anymore....
e7e27d6 to 344d794
OK, hopefully fixed... please test this updated version. Let's also wait and see if the CI likes it.
EWS run on previous version of this PR (hash 344d794)
everything works correctly for me. thanks @mcatanzaro!
I can confirm that this works for me as well, tysm.
void setAccessibilityBusAddress(String&& address) { m_accessibilityBusAddress = WTFMove(address); } | ||
void setAccessibilityBusProxyAddress(String&& address) { m_accessibilityBusProxyAddress = WTFMove(address); } | ||
const String accessibilityBusProxyAddress() const; |
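Review bot: the getter declared as "const String accessibilityBusProxyAddress() const;" returns a String by value with a top-level const, which gives callers nothing and only prevents moving from the result. Since the setter on the line above stores into m_accessibilityBusProxyAddress, consider returning const String& to that member, or a plain String if a copy is intended.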
I don't think this is right, the platform display only cares about the actual address to use, the same way we override the env var, whether it's the actual one or the socket one is a detail the display doesn't need to know.
Hm, then I think I need to move all the code that computes the accessibility bus address to someplace else. Will consider this.
I don't think PlatformDisplay really has anything to do with the accessibility bus at all. We've just put the code to compute the accessibility bus address here because it's a convenient global location, and it seems as nice a place for it to go as anywhere else does, so I'm not inclined to try moving it.
The problem is that XDGDBusProxy overrides the address here with an address pointing to the proxy socket instead, but we still need the original unmodified address later on when launching the xdg-dbus-proxy process. So the problem to solve is: do not overwrite the original address. I thought separating the original address from the proxy address was a nice way to do it, but any other way would work just fine. My next proposal will be a new function PlatformDisplay::originalAccessibilityBusAddress that works the same as PlatformDisplay::accessibilityBusAddress except it ignores the value set with PlatformDisplay::setAccessibilityBusAddress. That should work. I wanted to call it PlatformDisplay::hostAccessibilityBusAddress, but that would be confusing when running in the web process, because they'll return the same result in the web process, which never sees the real host bus address, only the proxy address.
Updated, does this look OK to you now? And if not, do you have an alternative suggestion?
The reason why it was added to PlatformDisplay is because in X11, the bus address is set as an atom in the x11 display (AT_SPI_BUS), see PlatformDisplayX11::platformAccessibilityBusAddress().
Seems there are still a11y test failures:
(process:3013): GLib-CRITICAL **: 21:49:32.257: Failed to set scheduler settings: Operation not permitted
That's https://gitlab.gnome.org/GNOME/glib/-/issues/2769. It's not related to this pull request.
Feel free to report a bug for this, but you'll need a backtrace taken with gdb. I doubt it's related to this pull request.
I doubt it is too. I thought I would let you know.
344d794 to 4151de8
EWS run on previous version of this PR (hash 4151de8)
4151de8 to de13841
EWS run on previous version of this PR (hash de13841)
@oreo639 it's probably worth testing this one more time if you have a chance to do so. It should still be fine, but worth checking just in case.
still works for me
Please add m_sandboxEnabled check before landing.
Yeah, it works for me. I did get a compilation error on gcc 10.2 due to a commit that has since been reverted and it builds after applying the revert.
de13841 to bc4e4cd
bc4e4cd to 14ccf3e
EWS run on current version of this PR (hash 14ccf3e)
… xdg-dbus-proxy's sandbox
https://bugs.webkit.org/show_bug.cgi?id=246159

Reviewed by Carlos Garcia Campos.

D-Bus 1.15.2 has changed the default session bus address to a filesystem socket that lives under /tmp. However, our xdg-dbus-proxy cannot access this location because we assume the session bus socket will always be mounted under /run, since that's where all major distros put it. It's OK to be flexible and mount absolutely any directory, whatever it may be, since we're not actually trying to create a sandbox that the xdg-dbus-proxy cannot break out of. It's a trusted process, and the sandbox exists solely so that portals can verify the app ID of the process that is using the proxy, which is done by inspecting /.flatpak-info in its mount namespace's filesystem root. So let's mount whatever directory is in use and move on.

Credit to oreo639 for investigating the problem and proposing a fix in WebKit#5011.

The a11y bus has the same theoretical problem, although it's not an issue today because currently it will always be under /run in practice. Still, we should fix it.

There is one complication: PlatformDisplay currently uses just one variable for both the host a11y bus address and the proxy bus address, relying on XDGDBusProxy to change it from the host address to the proxy address. This is fragile and it's easier to fix it than to work around it by caching the value before it changes, so at Carlos's suggestion, I have removed the ability to overwrite the value in PlatformDisplay, and added a separate variable to track the proxy address in WTF's Sandbox helpers.

I have snuck in a drive-by cleanup to avoid duplicating BASE_DIRECTORY between two files, a problem that I introduced in 255218@main. Additionally, I remove a stale declaration for XDGDBusProxy::makePath, which I forgot to delete after removing the function in the same commit.

Finally, always add the extra sandbox paths to the sandbox. These were originally extra paths for the web process only, but changed to be extra paths for both web process and D-Bus proxy. It's no longer needed except for the web process, but there's no particular reason to limit it either. I'm changing this here only because it's right next to the code I'm editing anyway, and it's odd to be adding extra sandbox paths specifically for the D-Bus proxy process.

Canonical link: https://commits.webkit.org/255530@main
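An added example, not WebKit's code, of the address handling the commit message above describes: it extracts the directory that holds the bus socket from a D-Bus address, so that directory (under /run, /tmp or anywhere else) can be made visible to xdg-dbus-proxy. The function names, the sample addresses and the use of bwrap's --bind for the mount are assumptions made for illustration.

```cpp
// Added example, not WebKit code. Sample addresses below are constructed.
#include <cctype>
#include <iostream>
#include <optional>
#include <sstream>
#include <string>
#include <vector>

// D-Bus address values escape bytes as %XX; nullopt on a malformed escape.
static std::optional<std::string> unescapeValue(const std::string& in) {
    std::string out;
    for (size_t i = 0; i < in.size(); ++i) {
        if (in[i] != '%') { out += in[i]; continue; }
        if (i + 2 >= in.size() || !std::isxdigit((unsigned char)in[i + 1])
            || !std::isxdigit((unsigned char)in[i + 2]))
            return std::nullopt;
        out += static_cast<char>(std::stoi(in.substr(i + 1, 2), nullptr, 16));
        i += 2;
    }
    return out;
}
// Parent directory of the first unix:path= socket in a ';'-separated address
// list; nullopt when nothing on the filesystem needs to be mounted.
std::optional<std::string> socketDirectoryForBusAddress(const std::string& list) {
    std::stringstream addresses(list);
    for (std::string address; std::getline(addresses, address, ';');) {
        if (address.rfind("unix:", 0) != 0)
            continue; // tcp: and other transports have no socket file
        std::stringstream pairs(address.substr(5));
        for (std::string pair; std::getline(pairs, pair, ',');) {
            if (pair.rfind("path=", 0) != 0)
                continue; // abstract=, guid=, ... name no filesystem path
            auto path = unescapeValue(pair.substr(5));
            if (!path || path->empty() || path->front() != '/')
                break; // unusable entry, try the next address in the list
            auto slash = path->find_last_of('/');
            return slash == 0 ? std::string("/") : path->substr(0, slash);
        }
    }
    return std::nullopt;
}
// Assumption: the directory is bound at the same path inside the sandbox.
std::vector<std::string> bindArgsForBusAddress(const std::string& list) {
    auto dir = socketDirectoryForBusAddress(list);
    return dir ? std::vector<std::string>{ "--bind", *dir, *dir } : std::vector<std::string>{};
}
int main() {
    for (const char* a : { "unix:path=/run/user/1000/bus", "unix:path=/tmp/dbus-Ab12Cd34,guid=00", "unix:abstract=/tmp/dbus-x" })
        std::cout << a << " -> " << socketDirectoryForBusAddress(a).value_or("(nothing to mount)") << '\n';
}
```

An abstract socket yields no mount at all, which is why a launcher that only ever binds /run fails once the bus moves to a path-based socket elsewhere.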
14ccf3e to 67cda4a
Committed 255530@main (67cda4a): https://commits.webkit.org/255530@main Reviewed commits have been landed. Closing PR #5136 and removing active labels.