diff --git a/src/xdp-utils.c b/src/xdp-utils.c index 0a593273c..77641d268 100644 --- a/src/xdp-utils.c +++ b/src/xdp-utils.c @@ -2402,7 +2402,42 @@ xdp_app_info_ensure_pidns_flatpak (XdpAppInfo *app_info, } app_info->pidns_id = ns; + return TRUE; +} + +static gboolean +xdp_app_info_ensure_pidns_containers1 (XdpAppInfo *app_info, + DIR *proc, + GError **error) +{ + ino_t ns; + int r; + if (xdp_app_info_is_flatpak (app_info)) + { + /* Containers1 is supposed to be generic but currently flatpak still + * sets up the xdg-dbus-proxy which the pidfd is pointing at. When dbus + * learns about ACL, it can replace the proxy and the pidfd starts + * pointing to the right process. + * Until that happens, we can safely fall back to the flatpak-specific + * path. It uses the flatpak instance id to look up the PID and + * Containers1 knows the instance id. + */ + return xdp_app_info_ensure_pidns_flatpak (app_info, proc, error); + } + + r = lookup_ns_from_pid_fd (app_info->u.containers1.pidfd, &ns); + if (r < 0) + { + int code = g_io_error_from_errno (-r); + g_set_error (error, G_IO_ERROR, code, + "Could not lookup PID namespace from pidfd: %s", + g_strerror (-r)); + + return FALSE; + } + + app_info->pidns_id = ns; return TRUE; } @@ -2419,6 +2454,9 @@ xdp_app_info_ensure_pidns (XdpAppInfo *app_info, if (app_info->kind == XDP_APP_INFO_KIND_FLATPAK) return xdp_app_info_ensure_pidns_flatpak (app_info, proc, error); + if (app_info->kind == XDP_APP_INFO_KIND_CONTAINERS1) + return xdp_app_info_ensure_pidns_containers1 (app_info, proc, error); + return FALSE; } @@ -2440,13 +2478,6 @@ app_info_map_pids (XdpAppInfo *app_info, if (app_info->kind == XDP_APP_INFO_KIND_HOST) return TRUE; - if (app_info->kind != XDP_APP_INFO_KIND_FLATPAK) - { - g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED, - "Mapping pids is not supported."); - return FALSE; - } - proc = opendir (proc_dir); if (proc == NULL) {