Support PID/TID remapping with Containers1

flatpak · Jan 19, 2024 · 051e9d4 · 051e9d4
1 parent d48040f
commit 051e9d4
Showing 1 changed file with 38 additions and 7 deletions.
diff --git a/src/xdp-utils.c b/src/xdp-utils.c
@@ -2402,7 +2402,42 @@ xdp_app_info_ensure_pidns_flatpak (XdpAppInfo  *app_info,
     }
 
   app_info->pidns_id = ns;
+  return TRUE;
+}
+
+static gboolean
+xdp_app_info_ensure_pidns_containers1 (XdpAppInfo  *app_info,
+                                       DIR         *proc,
+                                       GError     **error)
+{
+  ino_t ns;
+  int r;
 
+  if (xdp_app_info_is_flatpak (app_info))
+    {
+      /* Containers1 is supposed to be generic but currently flatpak still
+       * sets up the xdg-dbus-proxy which the pidfd is pointing at. When dbus
+       * learns about ACL, it can replace the proxy and the pidfd starts
+       * pointing to the right process.
+       * Until that happens, we can safely fall back to the flatpak-specific
+       * path. It uses the flatpak instance id to look up the PID and
+       * Containers1 knows the instance id.
+       */
+      return xdp_app_info_ensure_pidns_flatpak (app_info, proc, error);
+    }
+
+  r = lookup_ns_from_pid_fd (app_info->u.containers1.pidfd, &ns);
+  if (r < 0)
+    {
+      int code = g_io_error_from_errno (-r);
+      g_set_error (error, G_IO_ERROR, code,
+                   "Could not lookup PID namespace from pidfd: %s",
+                   g_strerror (-r));
+
+      return FALSE;
+    }
+
+  app_info->pidns_id = ns;
   return TRUE;
 }
 
@@ -2419,6 +2454,9 @@ xdp_app_info_ensure_pidns (XdpAppInfo  *app_info,
   if (app_info->kind == XDP_APP_INFO_KIND_FLATPAK)
     return xdp_app_info_ensure_pidns_flatpak (app_info, proc, error);
 
+  if (app_info->kind == XDP_APP_INFO_KIND_CONTAINERS1)
+    return xdp_app_info_ensure_pidns_containers1 (app_info, proc, error);
+
   return FALSE;
 }
 
@@ -2440,13 +2478,6 @@ app_info_map_pids (XdpAppInfo  *app_info,
   if (app_info->kind == XDP_APP_INFO_KIND_HOST)
     return TRUE;
 
-  if (app_info->kind != XDP_APP_INFO_KIND_FLATPAK)
-    {
-      g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
-                           "Mapping pids is not supported.");
-      return FALSE;
-    }
-
   proc = opendir (proc_dir);
   if (proc == NULL)
     {