maemachinebroke/hakurei
1
0
Fork 0
forked from security/hakurei
Code Pull Requests Activity

system/dbus/proc: host abstract only when not binding

Browse Source 
The test failure seems to be caused by an unrelated bug in xdg-dbus-proxy.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra
2025-08-19 23:39:14 +09:00
parent 140fe21237
commit 6947ff04e0
1 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
system/dbus/proc.go
View File

@@ -64,10 +64,6 @@ func (p *Proxy) Start() error {
argF, func(z *container.Container) { argF, func(z *container.Container) {
z.SeccompFlags |= seccomp.AllowMultiarch z.SeccompFlags |= seccomp.AllowMultiarch
z.SeccompPresets |= seccomp.PresetStrict z.SeccompPresets |= seccomp.PresetStrict
// xdg-dbus-proxy fails with scoped abstract unix sockets despite pathname socket being available
z.HostAbstract = true
z.Hostname = "hakurei-dbus" z.Hostname = "hakurei-dbus"
if p.output != nil { if p.output != nil {
z.Stdout, z.Stderr = p.output, p.output z.Stdout, z.Stderr = p.output, p.output
@@ -102,6 +98,9 @@ func (p *Proxy) Start() error {
for _, name := range upstreamPaths { for _, name := range upstreamPaths {
z.Bind(name, name, 0) z.Bind(name, name, 0)
} }
if len(upstreamPaths) == 0 {
z.HostAbstract = true
}
// parent directories of bind paths // parent directories of bind paths
sockDirPaths := make([]*container.Absolute, 0, 2) sockDirPaths := make([]*container.Absolute, 0, 2)