Check that caller is from the same namespace as the booster and the
calling binary is /usr/bin/invoker.
Signed-off-by: Tomi Leppänen <tomi.leppanen@jolla.com>
This makes sure that we retain the behaviour we had before for
non-sandboxed apps. This is done to ensure that locking uses appName()
when using for example QML based applications.
Signed-off-by: Tomi Leppänen <tomi.leppanen@jolla.com>
Without including libgen.h, basename is not available on Musl.
sourceArgv[0] is a const char* which cannot be converted to char*, so
cast it instead.
RTLD_DEEPBIND is not available on Musl, only on glibc (since 2.3.4)
ARG_MAX is already defined so it has to be renamed
Even according to glibc itself, <bits/socket.h> should never be included
directly and <sys/socket.h> should, which is already done anyway
Separate cgroups of sandboxed apps. Previously they were all put in the
same group; with this change they are in separate groups.
Looking at invoker.c, appName and fileName are the same and can be used
interchangeably.
Also change --desktop-file to have a bit more accurate description.
Signed-off-by: Tomi Leppänen <tomi.leppanen@jolla.com>
Applications launched via sailjail have their appName set to
/usr/bin/sailjail and that is used to set single instance lock. That
results in not being able to launch multiple different applications
simultaneously via mapplauncher. Mitigate this by using actual
application name for single instance lock.
This implements a very simple way of deducing the application binary
path from sailjail's arguments. It works for most cases and the
remaining cases can be worked around.
Signed-off-by: Tomi Leppänen <tomi.leppanen@jolla.com>
Don't trust the UID/GID received from an untrusted invoker request when deciding
whether to drop extra groups for non-privileged apps. The application's
rights should depend only on the stated application's privileges and not
on the caller's process rights.
Drop setuid() because the boosters are launched under "nemo" user ID in
user session.
Signed-off-by: Igor Zhbanov <i.zhbanov@omprussia.ru>
Under Linux, setgid() is implemented like the POSIX version with the
_POSIX_SAVED_IDS feature. That means that after "setgid(nemo)" the SGID
will be set to "privileged" instead of "nemo". So use "setresuid()"
instead.
Signed-off-by: Igor Zhbanov <i.zhbanov@omprussia.ru>
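The commit above is about the saved set-group-ID surviving a plain setgid() call. The point a defender cares about is not which call is used but whether the drop is complete: all three group IDs (real, effective, saved) must equal the target, otherwise the process can later switch back. The following is an added example, not mapplauncherd's own code: it drops to a target group with setresgid(2), which sets all three IDs at once, and then reads them back with getresgid(2) and refuses to continue if any of them still differs. The target group and the check function are assumptions for illustration; the program drops to the caller's own GID so it also runs unprivileged.

```c
#define _GNU_SOURCE          /* setresgid/getresgid are GNU/Linux extensions */
#include <sys/types.h>
#include <unistd.h>
#include <stdio.h>

/* Added example (not mapplauncherd code).
 * Returns 1 if real, effective and saved GIDs all equal gid, else 0. */
int gid_fully_dropped(gid_t gid)
{
    gid_t rgid, egid, sgid;

    if (getresgid(&rgid, &egid, &sgid) != 0)
        return 0;
    return rgid == gid && egid == gid && sgid == gid;
}

/* Drop to 'target' by setting real, effective AND saved GID in one call,
 * then verify the drop instead of trusting the return value alone.
 * Returns 0 on a verified drop, -1 otherwise. */
int drop_to_gid(gid_t target)
{
    gid_t rgid, egid, sgid;

    if (setresgid(target, target, target) != 0) {
        perror("setresgid");
        return -1;
    }
    if (getresgid(&rgid, &egid, &sgid) != 0) {
        perror("getresgid");
        return -1;
    }
    /* A leftover saved GID would let the process regain the old group
     * with a later setgid()/setresgid() call; treat that as a failure. */
    if (rgid != target || egid != target || sgid != target) {
        fprintf(stderr, "incomplete group drop: real=%u effective=%u saved=%u\n",
                (unsigned)rgid, (unsigned)egid, (unsigned)sgid);
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Stand-alone demo: "drop" to our own real GID, which needs no privilege. */
    gid_t target = getgid();

    if (drop_to_gid(target) != 0)
        return 1;
    printf("all group IDs now %u, drop verified\n", (unsigned)target);
    return 0;
}
```

In a booster that starts with an elevated group, the same function would be called with the unprivileged group's GID; the verification step is what turns "the call returned 0" into "the process can no longer get the privileged group back".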
The process forks twice when daemonizing; we need to wait for
the first fork to exit after it has written the PID of the second
fork before exiting the original process, otherwise systemd may
try to read the file before it exists.
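The race described in the commit above (the supervisor reading a PID file that the intermediate child has not finished writing) is closed by having the original process waitpid() on the first child, which exits only after the file is written and closed. The following is an added example, not mapplauncherd's own code, showing that ordering: the intermediate child forks the real daemon, writes its PID, flushes and exits; the original process blocks on waitpid() and only then reads the file. The PID file path and the sample daemon body are constructed for illustration.

```c
#define _GNU_SOURCE
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example (not mapplauncherd code). Stand-in daemon body for the
 * demo: stay alive briefly, then exit. A real daemon would run its loop. */
void sample_daemon_body(void)
{
    sleep(1);
    _exit(0);
}

/* Double-fork daemonize. Runs in the original process and returns the
 * daemon's PID as read back from 'pidfile', or -1 on failure. The daemon
 * process runs body() and never returns from this function. */
pid_t daemonize_with_pidfile(const char *pidfile, void (*body)(void))
{
    pid_t first = fork();
    if (first < 0)
        return -1;

    if (first == 0) {
        /* Intermediate child: new session, then fork the real daemon. */
        if (setsid() < 0)
            _exit(1);
        pid_t second = fork();
        if (second < 0)
            _exit(1);
        if (second == 0) {
            body();         /* daemon; must not return */
            _exit(0);
        }
        /* Write the daemon's PID and CLOSE the file before exiting, so the
         * parent's waitpid() below guarantees the file is complete. */
        FILE *f = fopen(pidfile, "w");
        if (!f)
            _exit(1);
        fprintf(f, "%d\n", (int)second);
        if (fclose(f) != 0)
            _exit(1);
        _exit(0);
    }

    /* Original process: do not exit (and do not let systemd look at the
     * PID file) until the intermediate child has finished writing it. */
    int status;
    if (waitpid(first, &status, 0) < 0)
        return -1;
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;

    FILE *f = fopen(pidfile, "r");
    if (!f)
        return -1;
    long pid = -1;
    if (fscanf(f, "%ld", &pid) != 1)
        pid = -1;
    fclose(f);
    return (pid_t)pid;
}

int main(void)
{
    /* Constructed path for the demo. */
    pid_t daemon = daemonize_with_pidfile("/tmp/mapplauncherd_example.pid",
                                          sample_daemon_body);
    if (daemon <= 0) {
        fprintf(stderr, "daemonize failed\n");
        return 1;
    }
    printf("daemon pid %d recorded in pid file\n", (int)daemon);
    return 0;
}
```

Because the original process is the one systemd tracks until it exits, returning from daemonize_with_pidfile() only after waitpid() is exactly the guarantee the commit message asks for: by the time the original process exits, the PID file exists and contains the final PID.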
[mapplauncherd] Allow a list of booster types to be provided. Contributes to JB#34267
Allows fallback boosters to be specified, e.g.
invoker -s --type=silica-media,silica-qt5 /usr/bin/jolla-camera
See merge request !1