[epiphany] Revert "Revert "Revert "Try to make flatpak-spawn subsandbox not break D-Bus server"""

From: Michael Catanzaro <mcatanzaro src gnome org>
To: commits-list gnome org
Cc:
Subject: [epiphany] Revert "Revert "Revert "Try to make flatpak-spawn subsandbox not break D-Bus server"""
Date: Fri, 26 Jul 2019 00:48:37 +0000 (UTC)
commit 024b844fb0dd543131fff3fd444fcffb4be4dba0
Author: Michael Catanzaro <mcatanzaro igalia com>
Date:   Thu Jul 25 19:47:45 2019 -0500

    Revert "Revert "Revert "Try to make flatpak-spawn subsandbox not break D-Bus server"""
    
    This reverts commit 30129a05a4d40cb9ff52eb5f79650eb9cc2a431f.
    
    The flatpak-spawn subsandbox is no more, so there's no need for this.

 embed/ephy-embed-shell.c | 22 +++++++---------------
 meson.build              |  2 +-
 2 files changed, 8 insertions(+), 16 deletions(-)
---
diff --git a/embed/ephy-embed-shell.c b/embed/ephy-embed-shell.c
index ea33ebb9d..6c990f3e8 100644
--- a/embed/ephy-embed-shell.c
+++ b/embed/ephy-embed-shell.c
@@ -48,7 +48,6 @@
 
 #include <glib/gi18n.h>
 #include <gtk/gtk.h>
-#include <stdint.h>
 #include <stdlib.h>
 
 #define PAGE_SETUP_FILENAME "page-setup-gtk.ini"
@@ -1028,24 +1027,19 @@ authorize_authenticated_peer_cb (GDBusAuthObserver *observer,
   return ephy_dbus_peer_is_authorized (credentials);
 }
 
-static char *
+static void
 ephy_embed_shell_setup_web_process_extensions_server (EphyEmbedShell *shell)
 {
   EphyEmbedShellPrivate *priv = ephy_embed_shell_get_instance_private (shell);
-  g_autofree char *socket_basename = NULL;
-  g_autofree char *socket_path = NULL;
-  g_autofree char *address = NULL;
   g_autoptr (GDBusAuthObserver) observer = NULL;
+  g_autofree char *address = NULL;
   g_autoptr (GError) error = NULL;
 
   /* Due to the bubblewrap sandbox, we cannot use any abstract sockets here.
    * This means that unix:tmpdir= or unix:abstract= addresses will not work.
-   * Additionally, we cannot put the socket under /tmp because that won't work
-   * under a flatpak-spawn subsandbox.
+   * Using unix:dir= guarantees that abstract sockets won't be used.
    */
-  socket_basename = g_strdup_printf ("ephy-embed-server-%jd", (intmax_t)getpid ());
-  socket_path = g_build_filename ("/var/tmp", socket_basename, NULL);
-  address = g_strdup_printf ("unix:path=%s", socket_path);
+  address = g_strdup_printf ("unix:dir=%s", ephy_file_tmp_dir ());
 
   observer = g_dbus_auth_observer_new ();
 
@@ -1066,13 +1060,12 @@ ephy_embed_shell_setup_web_process_extensions_server (EphyEmbedShell *shell)
 
   if (error) {
     g_warning ("Failed to start embed shell D-Bus server on %s: %s", address, error->message);
-    return NULL;
+    return;
   }
 
   g_signal_connect_object (priv->dbus_server, "new-connection",
                            G_CALLBACK (new_connection_cb), shell, 0);
   g_dbus_server_start (priv->dbus_server);
-  return g_steal_pointer (&socket_path);
 }
 
 static void
@@ -1144,13 +1137,12 @@ ephy_embed_shell_startup (GApplication *application)
   g_autofree char *filename = NULL;
   g_autofree char *cookie_policy = NULL;
   g_autofree char *filters_dir = NULL;
-  g_autofree char *dbus_socket_path = NULL;
 
   G_APPLICATION_CLASS (ephy_embed_shell_parent_class)->startup (application);
 
   ephy_embed_shell_create_web_context (shell);
 
-  dbus_socket_path = ephy_embed_shell_setup_web_process_extensions_server (shell);
+  ephy_embed_shell_setup_web_process_extensions_server (shell);
 
   /* User content manager */
   if (priv->mode != EPHY_EMBED_SHELL_MODE_TEST)
@@ -1219,7 +1211,7 @@ ephy_embed_shell_startup (GApplication *application)
   webkit_web_context_set_process_model (priv->web_context, 
WEBKIT_PROCESS_MODEL_MULTIPLE_SECONDARY_PROCESSES);
 
   webkit_web_context_set_sandbox_enabled (priv->web_context, TRUE);
-  webkit_web_context_add_path_to_sandbox (priv->web_context, dbus_socket_path, TRUE);
+  webkit_web_context_add_path_to_sandbox (priv->web_context, ephy_file_tmp_dir (), TRUE);
   webkit_web_context_add_path_to_sandbox (priv->web_context, ephy_profile_dir (), TRUE);
   webkit_web_context_add_path_to_sandbox (priv->web_context, ephy_cache_dir (), TRUE);
   webkit_web_context_add_path_to_sandbox (priv->web_context, ephy_config_dir (), TRUE);
diff --git a/meson.build b/meson.build
index 438b55aca..6c47fbe46 100644
--- a/meson.build
+++ b/meson.build
@@ -73,7 +73,7 @@ config_h = declare_dependency(
   )
 )
 
-glib_requirement = '>= 2.56.0'
+glib_requirement = '>= 2.61.2'
 gtk_requirement = '>= 3.24.0'
 nettle_requirement = '>= 3.4'
 webkitgtk_requirement = '>= 2.25.1'
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]