[epiphany/wip/sandbox] embed-shell: use a unix:path address for the D-Bus server

From: Michael Catanzaro <mcatanzaro src gnome org>
To: commits-list gnome org
Cc:
Subject: [epiphany/wip/sandbox] embed-shell: use a unix:path address for the D-Bus server
Date: Thu, 20 Jun 2019 16:19:31 +0000 (UTC)

commit b35ba9bccdcf053c4145a00007c2b01409507b6d
Author: Michael Catanzaro <mcatanzaro igalia com>
Date:   Wed Jun 12 16:30:19 2019 -0500

    embed-shell: use a unix:path address for the D-Bus server
    
    This will allow sandboxed web processes to connect to the D-Bus server.

 embed/ephy-embed-shell.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
---
diff --git a/embed/ephy-embed-shell.c b/embed/ephy-embed-shell.c
index 8ee2e9ebe..774ce7175 100644
--- a/embed/ephy-embed-shell.c
+++ b/embed/ephy-embed-shell.c
@@ -1024,15 +1024,26 @@ authorize_authenticated_peer_cb (GDBusAuthObserver *observer,
   return ephy_dbus_peer_is_authorized (credentials);
 }
 
+static char *
+dbus_server_socket_path (void)
+{
+  return g_build_filename (ephy_file_tmp_dir (), "embed-shell-socket", NULL);
+}
+
 static void
 ephy_embed_shell_setup_web_process_extensions_server (EphyEmbedShell *shell)
 {
   EphyEmbedShellPrivate *priv = ephy_embed_shell_get_instance_private (shell);
   g_autoptr(GDBusAuthObserver) observer = NULL;
   g_autofree char *address = NULL;
+  g_autofree char *socket_path = NULL;
   g_autoptr(GError) error = NULL;
 
-  address = g_strdup_printf ("unix:tmpdir=%s", g_get_tmp_dir ());
+  /* Due to the bubblewrap sandbox, we cannot use any abstract sockets here.
+   * This means that unix:tmpdir= or unix:abstract= addresses will not work.
+   */
+  socket_path = dbus_server_socket_path ();
+  address = g_strdup_printf ("unix:path=%s", dbus_server_socket_path ());
 
   observer = g_dbus_auth_observer_new ();
 
@@ -1052,7 +1063,7 @@ ephy_embed_shell_setup_web_process_extensions_server (EphyEmbedShell *shell)
                                               &error);
 
   if (error) {
-    g_warning ("Failed to start web process extension server on %s: %s", address, error->message);
+    g_warning ("Failed to start embed shell D-Bus server on %s: %s", address, error->message);
     return;
   }

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]