From: Efraim Flashner
To: Mark H Weaver
Cc: 47628@debbugs.gnu.org
Subject: bug#47628: webkitgtk-2.32.0 fails to launch without /usr/bin
Date: Fri, 9 Apr 2021 13:09:03 +0300
List-Id: Bug reports for GNU Guix
In-Reply-To: <878s5solv5.fsf@netris.org>

On Thu, Apr 08, 2021 at 11:07:31AM -0400, Mark H Weaver wrote:
> I suspect that the relevant bit that needs to be changed is line 779 of
> the following file in the webkitgtk-2.32.0 source code:
>
>   Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
>
> Most likely, that line can simply be deleted.
> Here's the relevant excerpt, with line 779 marked by "==>":

Looking at the other lines above it, we could just change it from
ro-bind to ro-bind-try.

>
> --8<---------------cut here---------------start------------->8---
> GRefPtr<GSubprocess> bubblewrapSpawn(GSubprocessLauncher* launcher, const ProcessLauncher::LaunchOptions& launchOptions, char** argv, GError **error)
> {
>     ASSERT(launcher);
>
>     // For now we are just considering the network process trusted as it
>     // requires a lot of access but doesn't execute arbitrary code like
>     // the WebProcess where our focus lies.
>     if (launchOptions.processType == ProcessLauncher::ProcessType::Network)
>         return adoptGRef(g_subprocess_launcher_spawnv(launcher, argv, error));
>
>     const char* runDir = g_get_user_runtime_dir();
>     Vector<CString> sandboxArgs = {
>         "--die-with-parent",
>         "--unshare-pid",
>         "--unshare-uts",
>
>         // We assume /etc has safe permissions.
>         // At a later point we can start masking privacy-concerning files.
>         "--ro-bind", "/etc", "/etc",
>         "--dev", "/dev",
>         "--proc", "/proc",
>         "--tmpfs", "/tmp",
>         "--unsetenv", "TMPDIR",
>         "--dir", runDir,
>         "--setenv", "XDG_RUNTIME_DIR", runDir,
>         "--symlink", "../run", "/var/run",
>         "--symlink", "../tmp", "/var/tmp",
>         "--ro-bind", "/sys/block", "/sys/block",
>         "--ro-bind", "/sys/bus", "/sys/bus",
>         "--ro-bind", "/sys/class", "/sys/class",
>         "--ro-bind", "/sys/dev", "/sys/dev",
>         "--ro-bind", "/sys/devices", "/sys/devices",
>
>         "--ro-bind-try", "/usr/share", "/usr/share",
>         "--ro-bind-try", "/usr/local/share", "/usr/local/share",
>         "--ro-bind-try", DATADIR, DATADIR,
>
>         // Bind mount the store inside the WebKitGTK sandbox.
>         "--ro-bind", "@storedir@", "@storedir@",
>
>         // We only grant access to the libdirs webkit is built with and
>         // guess system libdirs. This will always have some edge cases.
>         "--ro-bind-try", "/lib", "/lib",
>         "--ro-bind-try", "/usr/lib", "/usr/lib",
>         "--ro-bind-try", "/usr/local/lib", "/usr/local/lib",
>         "--ro-bind-try", LIBDIR, LIBDIR,
>         "--ro-bind-try", "/lib64", "/lib64",
>         "--ro-bind-try", "/usr/lib64", "/usr/lib64",
>         "--ro-bind-try", "/usr/local/lib64", "/usr/local/lib64",
>
>         "--ro-bind-try", PKGLIBEXECDIR, PKGLIBEXECDIR,
>     };
>
>     if (launchOptions.processType == ProcessLauncher::ProcessType::DBusProxy) {
>         sandboxArgs.appendVector(Vector<CString>({
> ==>         "--ro-bind", "/usr/bin", "/usr/bin",
>             // This is a lot of access, but xdg-dbus-proxy is trusted so that's OK. It's sandboxed
>             // only because we have to mount .flatpak-info in its mount namespace. The user rundir
>             // is where we mount our proxy socket.
>             "--bind", runDir, runDir,
>         }));
>     } else {
>         // xdg-dbus-proxy needs access to host abstract sockets to connect to the a11y bus. Secure
>         // host services must not use abstract sockets. Otherwise, only the network process should
>         // have network access, and the network process is not sandboxed at all.
>         sandboxArgs.appendVector(Vector<CString>({
>             "--unshare-net"
>         }));
>     }
> --8<---------------cut here---------------end--------------->8---
>
>       Mark

-- 
Efraim Flashner   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
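
The difference between the two options discussed above, as an added example (not code from WebKitGTK, Guix or either poster): bwrap exits when the source of a `--bind` or `--ro-bind` is missing, while the `-try` variants ignore a missing source. The audit below walks an argument vector and reports which binds would be fatal on a given host; the host model, `/gnu/store` standing in for `@storedir@`, the run directory and all function names are constructed assumptions.

```cpp
#include <cstdio>
#include <functional>
#include <map>
#include <string>
#include <vector>

// Operand count of each bwrap option that appears in the quoted excerpt.
static const std::map<std::string, int> kArity = {
    {"--die-with-parent", 0}, {"--unshare-pid", 0}, {"--unshare-uts", 0},
    {"--unshare-net", 0}, {"--dev", 1}, {"--proc", 1}, {"--tmpfs", 1},
    {"--dir", 1}, {"--unsetenv", 1}, {"--setenv", 2}, {"--symlink", 2},
    {"--bind", 2}, {"--ro-bind", 2}, {"--bind-try", 2}, {"--ro-bind-try", 2}};

struct BindAudit {
    std::vector<std::string> fatal;   // mandatory binds with a missing source: bwrap exits
    std::vector<std::string> skipped; // -try binds with a missing source: mount is omitted
    std::vector<std::string> unknown; // unrecognised or truncated option; the walk stops there
};

// Classify every bind mount in `args` by whether its source exists on the host.
BindAudit auditBinds(const std::vector<std::string>& args,
                     const std::function<bool(const std::string&)>& exists) {
    BindAudit out;
    for (size_t i = 0; i < args.size();) {
        const std::string& opt = args[i];
        auto it = kArity.find(opt);
        if (it == kArity.end() || i + it->second >= args.size()) { out.unknown.push_back(opt); break; }
        bool mandatory = opt == "--bind" || opt == "--ro-bind";
        bool optional = opt == "--bind-try" || opt == "--ro-bind-try";
        if ((mandatory || optional) && !exists(args[i + 1]))
            (mandatory ? out.fatal : out.skipped).push_back(args[i + 1]);
        i += 1 + it->second;
    }
    return out;
}

// Constructed host model: Guix-like, with a store and a run directory but no /usr.
bool guixLikeHost(const std::string& p) { return p == "/etc" || p == "/gnu/store" || p == "/run/user/1000"; }

// Constructed subset of the DBusProxy arguments; `usrBinOpt` is the option on line 779.
std::vector<std::string> proxyArgs(const std::string& usrBinOpt) {
    return {"--die-with-parent", "--ro-bind", "/etc", "/etc", "--dev", "/dev",
            "--ro-bind-try", "/usr/share", "/usr/share", "--ro-bind", "/gnu/store", "/gnu/store",
            usrBinOpt, "/usr/bin", "/usr/bin", "--bind", "/run/user/1000", "/run/user/1000"};
}

int main() {
    for (const char* opt : {"--ro-bind", "--ro-bind-try"})
        std::printf("%s: %zu fatal bind(s)\n", opt, auditBinds(proxyArgs(opt), guixLikeHost).fatal.size());
}
```

With `--ro-bind` the audit reports `/usr/bin` as fatal on this host model; with `--ro-bind-try` it lands in `skipped` and the launch proceeds without that mount.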