[Webkit-unassigned] [Bug 219325] [WPE][GTK] flatpak-spawn subsandbox clears environment variables, breaks EphyPermissionsManager

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jan 27 15:13:09 PST 2021


https://bugs.webkit.org/show_bug.cgi?id=219325

--- Comment #5 from Michael Catanzaro <mcatanzaro at gnome.org> ---
OK, something weird is going on. Inside the UI process sandbox, we have:

$ env | grep XDG
XDG_CONFIG_DIRS=/app/etc/xdg:/etc/xdg
XDG_MENU_PREFIX=gnome-
XDG_DATA_HOME=/home/mcatanzaro/.var/app/org.gnome.Epiphany.Devel/data
XDG_CONFIG_HOME=/home/mcatanzaro/.var/app/org.gnome.Epiphany.Devel/config
XDG_SESSION_DESKTOP=gnome
XDG_SESSION_TYPE=wayland
XDG_CURRENT_DESKTOP=GNOME
XDG_CACHE_HOME=/home/mcatanzaro/.var/app/org.gnome.Epiphany.Devel/cache
XDG_SESSION_CLASS=user
XDG_RUNTIME_DIR=/run/user/1000
XDG_DATA_DIRS=/app/share:/usr/share:/usr/share/runtime/share:/run/host/user-share:/run/host/share

But in the web process sandbox:

$ env | grep XDG
XDG_CONFIG_DIRS=/app/etc/xdg:/etc/xdg
XDG_MENU_PREFIX=gnome-
XDG_SESSION_DESKTOP=gnome
XDG_SESSION_TYPE=wayland
XDG_CURRENT_DESKTOP=GNOME
XDG_SESSION_CLASS=user
XDG_RUNTIME_DIR=/run/user/1000
XDG_DATA_DIRS=/app/share:/usr/share:/usr/share/runtime/share:/run/host/user-share:/run/host/share

So the web process sandbox is getting some things from flatpak, because we see /app in the web process. Comparing the full differences (not copied here), I see the web process is missing a few things set by gnome-shell when launching apps: GJS_DEBUG_OUTPUT, DESTKOP_STARTUP_ID, GIO_LAUNCHED_DESKTOP_FILE_PID, and GIO_LAUNCHED_DESKTOP_FILE. The web process is also missing DBUS_SYSTEM_BUS_ADDRESS, which means geolocation is probably broken (and indeed, I see a comment in FlatpakLauncher.cpp "Note that this only allows portals and $appid.Sandbox.* access" that indicates this is intentional). Finally, the web process is missing XDG_DATA_HOME, XDG_CONFIG_HOME, and XDG_CACHE_HOME.

Since that is inconsistent from what Alex's test shows, I entered the UI process sandbox and ran:

$ flatpak-spawn bash -c env | grep XDG_DATA
XDG_DATA_HOME=/home/mcatanzaro/.var/app/org.gnome.Epiphany/data
XDG_DATA_DIRS=/app/share:/usr/share:/usr/share/runtime/share:/run/host/share

which confirms Alex's test. That's hard to explain. Why is our web process getting different behavior than when we manually call flatpak-spawn?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210127/8cb3a9a9/attachment.htm>


More information about the webkit-unassigned mailing list