[bug#53676] [PATCH 0/5] *** PulseAudio service improvements ***

[Maxim Cournoyer <maxim.cournoyer@gmail.com>]

Hi Jack,

Jack Hill <jackhill@jackhill.us> writes:

> On Tue, 1 Feb 2022, Liliana Marie Prikler wrote:
>
>> Hi,
>>
>> Am Montag, dem 31.01.2022 um 23:19 -0500 schrieb Maxim Cournoyer:
>>> * gnu/services/sound.scm (pulseaudio-environment)
>>> [PULSE_CONFIG, PULSE_CLIENTCONFIG]: Use fix locations, and move logic
>>> to...
>>> (pulseaudio-etc): ... this service extension.  Guard against producing
>>> empty files.
>>
>> This patch reproduces (more or less) the initial layout we had for
>> pulseaudio-service-type.  However, that layout has been reported to not
>> work with some sandboxes.  I tried tracking down a specific bug, but
>> could only gather <https://issues.guix.gnu.org/42118#3>.
>>
>>> Due to a bug with webkit sandboxing, we no longer put daemon.conf
>>> into /etc/pulse (my bad), but rather set PULSE_CONFIG to directly
>>> point to it.
>>
>> In other words, we should check whether Epiphany still plays sound
>> properly with this patch applied.
>>
>> Cheers
>
> I reported the original bugs for this in Guix [0] and WebKitGTK [1],
> so it was easy for me to find the references; hope they help!
> Unfortunately, it doesn't look like the WebKitGTK bug has been fixed
> (probably waiting on a C++ hacker). Note that the symptom I saw wasn't
> just that sound didn't work, but that the sandboxed processes crashed,
> so no web content was rendered.
>
> [0] https://issues.guix.gnu.org/40837
> [1] https://bugs.webkit.org/show_bug.cgi?id=211131
>
> Unfortunately, I haven't had time to test this series.

Thanks for this!  I wasn't aware of the history; I tried it and it
failed the same.  The following fix I attempted in webkitgtk did not
seem to do anything:

--8<---------------cut here---------------start------------->8---
modified   Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
@@ -24,6 +24,7 @@
 #include <fcntl.h>
 #include <glib.h>
 #include <seccomp.h>
+#include <string.h>
 #include <sys/ioctl.h>
 #include <sys/mman.h>
 #include <unistd.h>
@@ -337,7 +338,16 @@ static void bindIfExists(Vector<CString>& args, const char* path, BindFlags bind
         bindType = "--ro-bind-try";
     else
         bindType = "--bind-try";
-    args.appendVector(Vector<CString>({ bindType, path, path }));
+
+    // Canonicalize the source path, otherwise a symbolic link could
+    // point to a location outside of the namespace.
+    char canonicalPath[PATH_MAX];
+    if (!realpath(path, canonicalPath)) {
+        if (strlen(path) + 1 > PATH_MAX)
+            return;                  // too long of a path
+        strcpy(path, canonicalPath); // no-op
+    }
+    args.appendVector(Vector<CString>({ bindType, canonicalPath, path }));
 }
 
 static void bindDBusSession(Vector<CString>& args, XDGDBusProxyLauncher& proxy)
--8<---------------cut here---------------end--------------->8---

Thanks,

Maxim