bug#47628: webkitgtk-2.32.0 fails to launch without /usr/bin

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#47628: webkitgtk-2.32.0 fails to launch without /usr/bin

From:	Efraim Flashner
Subject:	bug#47628: webkitgtk-2.32.0 fails to launch without /usr/bin
Date:	Fri, 9 Apr 2021 13:09:03 +0300

On Thu, Apr 08, 2021 at 11:07:31AM -0400, Mark H Weaver wrote:
> I suspect that the relevant bit that needs to be changed is line 779 of
> the following file in the webkitgtk-2.32.0 source code:
> 
>   Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
> 
> Most likely, that line can simply be deleted.  Here's the relevant
> excerpt, with line 779 marked by "==>":

Looking at the other lines above it, we could just change it from
ro-bind to ro-bind-try.

> 
> --8<---------------cut here---------------start------------->8---
> GRefPtr<GSubprocess> bubblewrapSpawn(GSubprocessLauncher* launcher, const 
> ProcessLauncher::LaunchOptions& launchOptions, char** argv, GError **error)
> {
>     ASSERT(launcher);
> 
>     // For now we are just considering the network process trusted as it
>     // requires a lot of access but doesn't execute arbitrary code like
>     // the WebProcess where our focus lies.
>     if (launchOptions.processType == ProcessLauncher::ProcessType::Network)
>         return adoptGRef(g_subprocess_launcher_spawnv(launcher, argv, error));
> 
>     const char* runDir = g_get_user_runtime_dir();
>     Vector<CString> sandboxArgs = {
>         "--die-with-parent",
>         "--unshare-pid",
>         "--unshare-uts",
> 
>         // We assume /etc has safe permissions.
>         // At a later point we can start masking privacy-concerning files.
>         "--ro-bind", "/etc", "/etc",
>         "--dev", "/dev",
>         "--proc", "/proc",
>         "--tmpfs", "/tmp",
>         "--unsetenv", "TMPDIR",
>         "--dir", runDir,
>         "--setenv", "XDG_RUNTIME_DIR", runDir,
>         "--symlink", "../run", "/var/run",
>         "--symlink", "../tmp", "/var/tmp",
>         "--ro-bind", "/sys/block", "/sys/block",
>         "--ro-bind", "/sys/bus", "/sys/bus",
>         "--ro-bind", "/sys/class", "/sys/class",
>         "--ro-bind", "/sys/dev", "/sys/dev",
>         "--ro-bind", "/sys/devices", "/sys/devices",
> 
>         "--ro-bind-try", "/usr/share", "/usr/share",
>         "--ro-bind-try", "/usr/local/share", "/usr/local/share",
>         "--ro-bind-try", DATADIR, DATADIR,
> 
>        // Bind mount the store inside the WebKitGTK sandbox.
>        "--ro-bind", "@storedir@", "@storedir@",
> 
>         // We only grant access to the libdirs webkit is built with and
>         // guess system libdirs. This will always have some edge cases.
>         "--ro-bind-try", "/lib", "/lib",
>         "--ro-bind-try", "/usr/lib", "/usr/lib",
>         "--ro-bind-try", "/usr/local/lib", "/usr/local/lib",
>         "--ro-bind-try", LIBDIR, LIBDIR,
>         "--ro-bind-try", "/lib64", "/lib64",
>         "--ro-bind-try", "/usr/lib64", "/usr/lib64",
>         "--ro-bind-try", "/usr/local/lib64", "/usr/local/lib64",
> 
>         "--ro-bind-try", PKGLIBEXECDIR, PKGLIBEXECDIR,
>     };
> 
>     if (launchOptions.processType == ProcessLauncher::ProcessType::DBusProxy) 
> {
>         sandboxArgs.appendVector(Vector<CString>({
> ==>         "--ro-bind", "/usr/bin", "/usr/bin",
>             // This is a lot of access, but xdg-dbus-proxy is trusted so 
> that's OK. It's sandboxed
>             // only because we have to mount .flatpak-info in its mount 
> namespace. The user rundir
>             // is where we mount our proxy socket.
>             "--bind", runDir, runDir,
>         }));
>     } else {
>         // xdg-dbus-proxy needs access to host abstract sockets to connect to 
> the a11y bus. Secure
>         // host services must not use abstract sockets. Otherwise, only the 
> network process should
>         // have network access, and the network process is not sandboxed at 
> all.
>         sandboxArgs.appendVector(Vector<CString>({
>             "--unshare-net"
>         }));
>     }
> --8<---------------cut here---------------end--------------->8---
> 
>        Mark

-- 
Efraim Flashner   <efraim@flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

bug#47628: Epiphany fails to launch after webkitgtk-2.32.0 update, Mark H Weaver, 2021/04/06
- bug#47628: webkitgtk-2.32.0 is broken on my system (was Re: bug#47628: Epiphany fails to launch after webkitgtk-2.32.0 update), Mark H Weaver, 2021/04/06
  - bug#47628: webkitgtk-2.32.0 is broken on my system, Guillaume Le Vaillant, 2021/04/07
    - bug#47628: webkitgtk-2.32.0 is broken on my system, Efraim Flashner, 2021/04/08
    - bug#47628: webkitgtk-2.32.0 fails to launch without /usr/bin/env, Mark H Weaver, 2021/04/08
    - bug#47628: webkitgtk-2.32.0 fails to launch without /usr/bin, Mark H Weaver, 2021/04/08
    - bug#47628: webkitgtk-2.32.0 fails to launch without /usr/bin, Mark H Weaver, 2021/04/08
    - bug#47628: webkitgtk-2.32.0 fails to launch without /usr/bin, Efraim Flashner <=
    - bug#47628: webkitgtk-2.32.0 fails to launch without /usr/bin, Mark H Weaver, 2021/04/13
    - bug#47628: webkitgtk-2.32.0 fails to launch without /usr/bin, Efraim Flashner, 2021/04/14

Prev by Date: bug#46829: `guix pull` uses incorrect certificate store
Next by Date: bug#47325: [PATCH] gnu: newlib-nano: Fix nano lib and header paths
Previous by thread: bug#47628: webkitgtk-2.32.0 fails to launch without /usr/bin
Next by thread: bug#47628: webkitgtk-2.32.0 fails to launch without /usr/bin
Index(es):
- Date
- Thread