input: Ensure sockets are accessible from within the container #1381


Minecrell commented Mar 9, 2020

The input sockets are created within the user tmpfs (e.g. /run/user/...).
Files/sockets created there might not be accessible to other users.
Since the input sockets are bind-mounted into the Android container,
it will crash with "Permission denied" when it is unable to access them.

Make sure to give the created directory+socket files appropriate
permissions so they can be accessed within the Android container.

Similar code exists for the anbox_bridge and anbox_audio socket:

// Make sure others can connect to our socket
::chmod(container_socket_path.c_str(), S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);

// FIXME: currently creating the socket creates it with the rights of
// the user we're running as. As this one is mapped into the container
::chmod(socket_file_.c_str(), 0777);

Fixes #603.

Cc: @necessarily-equal
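
The failure mode and fix described in the comment above, as an added example that is not part of this pull request or of Anbox's code: a socket created under a restrictive umask is unreachable for another uid until the directory gets the search bit and the socket gets write permission. The paths, helper names and the 0711/0666 modes are assumptions of this example.

```cpp
// Added example, not Anbox code: paths, names and the 0711/0666 modes are assumptions.
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>
#include <cstdio>
#include <cstdlib>
#include <string>

static int mode_of(const std::string &path) {  // permission bits, or -1 on error
  struct stat st{};
  return ::stat(path.c_str(), &st) == 0 ? static_cast<int>(st.st_mode & 0777) : -1;
}

// Create dir and bind a listening UNIX socket at dir/name; returns the fd or -1.
static int bind_socket(const std::string &dir, const std::string &name) {
  int fd = ::mkdir(dir.c_str(), 0700) == 0 ? ::socket(AF_UNIX, SOCK_STREAM, 0) : -1;
  if (fd < 0) return -1;
  sockaddr_un addr{};
  addr.sun_family = AF_UNIX;
  std::snprintf(addr.sun_path, sizeof(addr.sun_path), "%s/%s", dir.c_str(), name.c_str());
  if (::bind(fd, reinterpret_cast<sockaddr *>(&addr), sizeof(addr)) == 0 &&
      ::listen(fd, 1) == 0) return fd;
  ::close(fd);
  return -1;
}

// A different uid needs search (x) on the directory and write on the socket to connect.
static bool reachable_by_others(const std::string &dir, const std::string &sock) {
  int d = mode_of(dir), s = mode_of(sock);
  return d >= 0 && s >= 0 && (d & S_IXOTH) && (s & S_IWOTH);
}

// Grant only that: traverse-only directory, read/write socket.
static bool open_for_container(const std::string &dir, const std::string &sock) {
  return ::chmod(dir.c_str(), 0711) == 0 && ::chmod(sock.c_str(), 0666) == 0;
}

int main() {
  char tmpl[] = "/tmp/input-demo-XXXXXX";  // constructed scratch location
  if (!::mkdtemp(tmpl)) return 1;
  const std::string dir = std::string(tmpl) + "/input", sock = dir + "/event0";
  ::umask(077);  // simulate a restrictive umask
  int fd = bind_socket(dir, "event0");
  std::printf("before=%d\n", reachable_by_others(dir, sock));
  std::printf("after=%d\n", open_for_container(dir, sock) && reachable_by_others(dir, sock));
  ::close(fd);
  return 0;
}
```

With 0711 on the directory, other users can connect to a socket whose name they know but cannot list the directory. A socket left at 0666 accepts connections from any local uid that can traverse the path to it, so the permissions of the parent directories remain the effective boundary on the host.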

necessarily-equal commented Mar 10, 2020

Tested it to work. It unbreaks input on pinephone/X11.

morphis left a comment

Thanks, LGTM!

morphis commented Mar 27, 2020

Can we get this rebased on latest master?

The input sockets are created within the user tmpfs (e.g. /run/user/...).
Files/sockets created there might not be accessible to other users.
Since the input sockets are bind-mounted into the Android container,
it will crash with "Permission denied" when it is unable to access them.

Make sure to give the created directory+socket files appropriate
permissions so they can be accessed within the Android container.

Similar code exists for the anbox_bridge and anbox_audio socket in
  - src/anbox/container/service.cpp (anbox_bridge)
  - src/anbox/audio/server.cpp (anbox_audio)
@Minecrell Minecrell force-pushed the pmanbox:input-chmod branch from 407f200 to 2a210e7 Mar 27, 2020
Minecrell commented Mar 27, 2020

> Can we get this rebased on latest master?

Done.
