From: Maxim Cournoyer
To: Liliana Marie Prikler
Cc: Jack Hill, 53676@debbugs.gnu.org
Subject: [bug#53676] [PATCH 0/5] *** PulseAudio service improvements ***
X-Patchwork-Id: 37089
Date: Tue, 08 Feb 2022 09:25:42 -0500
Message-ID: <87zgn11lll.fsf@gmail.com>

Hi Liliana,

Liliana Marie Prikler writes:

> Hi,
>
> On Monday, 07.02.2022 at 17:29 -0500, Maxim Cournoyer wrote:
>> Thanks for this!  I wasn't aware of the history; I tried it and it
>> failed the same.  The following fix I attempted in webkitgtk did not
>> seem to do anything:
>>
>> --8<---------------cut here---------------start------------->8--- >> modified   >> Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp >> @@ -24,6 +24,7 @@ >>  #include >>  #include >>  #include >> +#include >>  #include >>  #include >>  #include 
>> @@ -337,7 +338,16 @@ static void bindIfExists(Vector& args, >> const char* path, BindFlags bind >>          bindType = "--ro-bind-try"; >>      else >>          bindType = "--bind-try"; >> -    args.appendVector(Vector({ bindType, path, path })); >> + >> +    // Canonicalize the source path, otherwise a symbolic link could >> +    // point to a location outside of the namespace. >> +    char canonicalPath[PATH_MAX]; >> +    if (!realpath(path, canonicalPath)) { >> +        if (strlen(path) + 1 > PATH_MAX) >> +            return;                  // too long of a path >> +        strcpy(path, canonicalPath); // no-op >> +    } >> +    args.appendVector(Vector({ bindType, canonicalPath, >> path })); >>  }
> Apart from raw char arrays and string.h looking funny (and wrong) in
> C++, what is strcpy supposed to do here?  Would it work if we mapped
> canonicalPath to path (i.e. `ls path' in the container would be `ls
> canonicalPath' under the hood)?

I first went with the C++ solution, which is std::filesystem::canonical,
but it was suggested in #webkitgtk (on the GNOME IRC server) to use the
POSIX realpath, already in use in that file, upon finding out that their
build system is configured to disallow the use of exceptions
(-fno-exceptions).

I refined the experiment as:

--8<---------------cut here---------------start------------->8---
--8<---------------cut here---------------end--------------->8---

Which produced the intended bwrap arguments, but unfortunately that'd
still fail.
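
Review bot: In the quoted `@@ -337,7 +338,16 @@` hunk, the body of `if (!realpath(path, canonicalPath))` runs only when resolution failed, and POSIX leaves the buffer contents undefined in that case, yet `canonicalPath` is then used as the source of `strcpy` and as the bind source in `args.appendVector`. `path` is also declared `const char*`, so it cannot be the destination of `strcpy`. Returning early on failure, or falling back to binding `path` unchanged, would avoid passing an unspecified string to bwrap.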
The issue seems to be related to the attempt to bind
/etc/pulse/client.conf over something already existing there; it can be
simply reproduced with:

--8<---------------cut here---------------start------------->8---
$ guix shell bubblewrap -- bwrap --ro-bind /gnu /gnu \
    --ro-bind /etc /etc \
    --ro-bind /etc/pulse/client.conf /etc/pulse/client.conf \
    /gnu/store/4y5m9lb8k3qkb1y9m02sw9w9a6hacd16-bash-minimal-5.1.8/bin/bash
bwrap: Can't create file at /etc/pulse/client.conf: No such file or directory
--8<---------------cut here---------------end--------------->8---

One thing to try would be to not bind mount client.conf; /etc/ is
already bind mounted as a whole.  If the resolved paths are all bind
mounted (which they are since we share the whole of /gnu), we should be
OK.

Alternatively we could try to bind only the resolved paths, and rewrite
the environment variables such as PULSE_CLIENTCONFIG at run time in
webkitgtk such that it points to the resolved destination.

To be continued...

Maxim

diff --git a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp index 0d5dd4f6986d..1512b73a985d 100644 --- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp +++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp @@ -325,6 +325,18 @@ enum class BindFlags { Device, }; +static void bindSymlinksRealPath(Vector& args, const char* path, + const char* bindOption = "--ro-bind") +{ + char realPath[PATH_MAX]; + + if (realpath(path, realPath) && strcmp(path, realPath)) { + args.appendVector(Vector({ + bindOption, realPath, realPath, + })); + } +} + static void bindIfExists(Vector& args, const char* path, BindFlags bindFlags = BindFlags::ReadOnly) { if (!path || path[0] == '\0') 
@@ -337,6 +349,10 @@ static void bindIfExists(Vector& args, const char* path, BindFlags bind bindType = "--ro-bind-try"; else bindType = "--bind-try"; + + // Canonicalize the source path, otherwise a symbolic link could + // point to a location outside of the namespace. + bindSymlinksRealPath(args, path, bindType); args.appendVector(Vector({ bindType, path, path })); } @@ -615,17 +631,6 @@ static void bindV4l(Vector& args) })); } -static void bindSymlinksRealPath(Vector& args, const char* path) -{ - char realPath[PATH_MAX]; - - if (realpath(path, realPath) && strcmp(path, realPath)) { - args.appendVector(Vector({ - "--ro-bind", realPath, realPath, - })); - } -} - // Translate a libseccomp error code into an error message. libseccomp // mostly returns negative errno values such as -ENOMEM, but some // standard errno values are used for non-standard purposes where their
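
Review bot: In the `@@ -325,6 +325,18 @@` hunk, `bindSymlinksRealPath` gains a caller-chosen `bindOption` but has no comment stating its contract: it appends nothing when `realpath` fails or when `path` is already canonical, and `bindOption` must be a bwrap option that takes a source and a destination. A short comment above the definition would make that explicit. Only the final `realPath` is bound, so a link that reaches its target through intermediate links still depends on every hop being visible inside the sandbox.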
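
Review bot: In the `@@ -337,6 +349,10 @@` hunk, `bindSymlinksRealPath(args, path, bindType)` forwards `bindType`, so when it is `"--bind-try"` the link's resolved target becomes writable in the sandbox wherever it points on the host, and `realPath` is never checked against the locations the sandbox is meant to share. Consider validating `realPath` against an expected set of prefixes before binding it, or restricting target binds to read-only. The comment says the source path is canonicalized, but the following `args.appendVector(Vector({ bindType, path, path }))` still binds the unresolved `path`; it should say that the target is bound in addition.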
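
The "one thing to try" from the message above (bind nothing extra when the resolved path is already shared, as with the whole of /gnu) can be sketched as follows. This is an added example, not code from the message or from WebKit; `TargetBind`, `isUnder`, `bindSymlinkTarget` and the `sharedRoots` parameter are hypothetical names, and it assumes the shared roots are passed in canonical form.

```cpp
// Added example, not WebKit code: every name below is hypothetical.
#include <climits>
#include <cstdlib>
#include <string>
#include <unistd.h>
#include <vector>

enum class TargetBind { Unresolvable, AlreadyCanonical, AlreadyShared, Added };

// True when `path` equals `root` or lies below it. The comparison stops on a
// path-component boundary, so "/gnu-other" is not treated as inside "/gnu".
static bool isUnder(const std::string& path, const std::string& root)
{
    if (root == "/")
        return !path.empty() && path[0] == '/';
    if (path.compare(0, root.size(), root) != 0)
        return false;
    return path.size() == root.size() || path[root.size()] == '/';
}

// Decide whether the target of `path` needs a bind of its own. `sharedRoots`
// holds canonical directories the sandbox already binds at the same location.
static TargetBind bindSymlinkTarget(std::vector<std::string>& args, const char* path,
    const std::vector<std::string>& sharedRoots)
{
    char resolved[PATH_MAX];
    if (!path || !realpath(path, resolved))
        return TargetBind::Unresolvable; // dangling link or missing file
    const std::string target(resolved);
    if (target == path)
        return TargetBind::AlreadyCanonical; // no link to follow
    for (const auto& root : sharedRoots) {
        if (isUnder(target, root))
            return TargetBind::AlreadyShared; // resolves inside the sandbox as is
    }
    // Assumption of this example: the extra bind is always read-only.
    args.push_back("--ro-bind-try");
    args.push_back(target);
    args.push_back(target);
    return TargetBind::Added;
}
```

The return value lets a caller log or refuse targets that fall outside every shared root instead of binding them silently.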