colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

bunpen: dbus: fix to not keep the non-sandboxed file open after exec'ing into the user program

Browse Source
This commit is contained in:
Colin
2025-01-06 02:52:46 +00:00
parent db45fabb9c
commit 57ef42991e
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pkgs/by-name/bunpen/restrict/restrict.ha
View File

@@ -31,7 +31,7 @@ export fn restrict(what: *resources::resources) void = {
// on i can refer to it by path relative to that parent // on i can refer to it by path relative to that parent
let session_parent = path::parent(&session)!; let session_parent = path::parent(&session)!;
log::printfln("[restrict] attempting to open parent(DBUS_SESSION_BUS_ADDRESS={})={}", path::string(&session), session_parent); log::printfln("[restrict] attempting to open parent(DBUS_SESSION_BUS_ADDRESS={})={}", path::string(&session), session_parent);
yield match (rt::open(session_parent, rt::O_RDONLY, 0o700)) { //< TODO: correct mode? yield match (rt::open(session_parent, rt::O_RDONLY | rt::O_CLOEXEC, 0o700)) { //< TODO: correct mode?
case let outer_fd: int => yield dbus_details { case let outer_fd: int => yield dbus_details {
outer_parent_fd = outer_fd, outer_parent_fd = outer_fd,
session_path = session, session_path = session,