[GTK] D-Bus proxy quietly fails if host bus address is not mounted in xdg-dbus-proxy's sandbox #5136

Commits on Oct 14, 2022

  1. [GTK] D-Bus proxy quietly fails if host bus address is not mounted in xdg-dbus-proxy's sandbox
    
    https://bugs.webkit.org/show_bug.cgi?id=246159
    
    Reviewed by Carlos Garcia Campos.
    
    D-Bus 1.15.2 has changed the default session bus address to a filesystem
    socket that lives under /tmp. However, our xdg-dbus-proxy cannot access
    this location because we assume the session bus socket will always be
    mounted under /run, since that's where all major distros put it. It's OK
    to be flexible and mount absolutely any directory, whatever it may be,
    since we're not actually trying to create a sandbox that the
    xdg-dbus-proxy cannot break out of. It's a trusted process, and the
    sandbox exists solely so that portals can verify the app ID of the
    process that is using the proxy, which is done by inspecting
    /.flatpak-info in its mount namespace's filesystem root. So let's mount
    whatever directory is in use and move on. Credit to oreo639 for
    investigating the problem and proposing a fix in WebKit#5011.
    
    The a11y bus has the same theoretical problem, although it's not an
    issue today because currently it will always be under /run in
    practice. Still, we should fix it. There is one complication:
    PlatformDisplay currently uses just one variable for both the host a11y
    bus address and the proxy bus address, relying on XDGDBusProxy to change
    it from the host address to the proxy address. This is fragile and it's
    easier to fix it than to work around it by caching the value before it
    changes, so at Carlos's suggestion, I have removed the ability to
    overwrite the value in PlatformDisplay, and added a separate variable to
    track the proxy address in WTF's Sandbox helpers.
    
    I have snuck in a drive-by cleanup to avoid duplicating BASE_DIRECTORY
    between two files, a problem that I introduced in 255218@main.
    Additionally, I remove a stale declaration for XDGDBusProxy::makePath,
    which I forgot to delete after removing the function in the same commit.
    
    Finally, always add the extra sandbox paths to the sandbox. These were
    originally extra paths for the web process only, but changed to be extra
    paths for both web process and D-Bus proxy. It's no longer needed except
    for the web process, but there's no particular reason to limit it
    either. I'm changing this here only because it's right next to the code
    I'm editing anyway, and it's odd to be adding extra sandbox paths
    specifically for the D-Bus proxy process.
    
    Canonical link: https://commits.webkit.org/255530@main
    mcatanzaro committed Oct 14, 2022 (commit 67cda4a)
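The fix described in the commit message comes down to deriving the socket's directory from the session bus address instead of assuming it lives under /run. The following Python helper is an added example, not WebKit's code: it parses a D-Bus address per the D-Bus address format (semicolon-separated entries, `transport:key=value,...`, `%XX` escaping), picks the first `unix:` entry that names a filesystem object, and returns the directory to bind-mount for the proxy. The `bwrap`-style `--bind src dest` argument shape and the `runtime_dir` parameter (the caller's `$XDG_RUNTIME_DIR`) are assumptions of this example; abstract sockets and non-unix transports yield `None`, since there is nothing on the filesystem to mount.

```python
import os
from urllib.parse import unquote


def parse_dbus_address(address):
    """Split a D-Bus address into (transport, {key: value}) entries.

    D-Bus addresses are ';'-separated; each entry is 'transport:k=v,k=v'
    and values use %XX escaping, which unquote() reverses.
    """
    entries = []
    for entry in address.split(";"):
        if not entry:
            continue
        transport, _, params = entry.partition(":")
        values = {}
        for pair in params.split(","):
            if pair:
                key, _, value = pair.partition("=")
                values[key] = unquote(value)
        entries.append((transport, values))
    return entries


def bus_socket_directory(address, runtime_dir=None):
    """Return the directory that must be visible inside the proxy sandbox
    for it to reach the bus socket, or None if the address has no
    filesystem object (abstract socket, tcp, ...).
    """
    for transport, params in parse_dbus_address(address):
        if transport != "unix":
            continue
        if "path" in params:                      # unix:path=/tmp/dbus-XXXX
            return os.path.dirname(params["path"])
        if params.get("runtime") == "yes":        # socket is $XDG_RUNTIME_DIR/bus
            if runtime_dir:
                return runtime_dir
        # 'abstract=' sockets live in the network namespace, not the filesystem
    return None


def proxy_bind_args(address, runtime_dir=None):
    """Build the bind-mount arguments for the proxy sandbox (bwrap style,
    an assumption of this example); fail loudly instead of quietly when
    the address cannot be reached through a mount."""
    directory = bus_socket_directory(address, runtime_dir)
    if directory is None:
        raise ValueError(f"no filesystem socket in D-Bus address {address!r}")
    return ["--bind", directory, directory]
```

A caller that always mounted `/run` would have produced no error for `unix:path=/tmp/dbus-...`, which is the quiet failure the commit fixes; raising here makes the unsupported case visible.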