Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package geoclue-2.0. When using an application in flatpak, that application is supposed to be sandboxed and requests to geoclue to get the location should be explicitly granted by the user. [ Reason ] With cgroups v2, the code detecting that the application is running in a flatpak is broken and geoclue is always granting access to the location information without prompting the user. [ Impact ] This only impacts users of applications running in flatpak. [ Tests ] I tried to run gnome-maps (flatpak run org.gnome.Maps) without and then with the patch; with the patch, I correctly get a dialog asking me if I want to share the location with the application. I also tried to run gnome-maps outside of flatpak and it is still working as expected. [ Risks ] The code is pretty isolated. I didn't test geoclue on a machine with cgroup v1 though. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] The patch has already been merged upstream in the master branch; I cherry-picked it and it applies cleanly to the package shipped in Debian. unblock geoclue-2.0/2.5.7-3
diff --git a/debian/changelog b/debian/changelog
index c5c1bc0..8cf8a35 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+geoclue-2.0 (2.5.7-3) unstable; urgency=medium
+
+ * Properly detect that applications are running in flatpak when using cgroup
+ v2. Thanks to Guido Günther <a...@sigxcpu.org> (Closes: #985345)
+
+ -- Laurent Bigonville <bi...@debian.org> Wed, 17 Mar 2021 15:53:13 +0100
+
 geoclue-2.0 (2.5.7-2) unstable; urgency=medium
 * d/p/fix-nowifi-query.patch: Fix getting a location if the computer has no
diff --git a/debian/patches/0006-client-info-Support-cgroup-v2.patch b/debian/patches/0006-client-info-Support-cgroup-v2.patch
new file mode 100644
index 0000000..2f0760b
--- /dev/null
+++ b/debian/patches/0006-client-info-Support-cgroup-v2.patch
@@ -0,0 +1,93 @@
+From: =?utf-8?q?Guido_G=C3=BCnther?= <a...@sigxcpu.org>
+Date: Tue, 16 Mar 2021 12:22:30 +0100
+Subject: client-info: Support cgroup v2
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+For v2 cgroups the /proc/<pid>/cgroup format changed to a single line¹.
+Support this too to not misdetect flatpaks as system apps.
+
+1) See https://www.kernel.org/doc/html/v4.18/admin-guide/cgroup-v2.html#processes
+
+Signed-off-by: Guido Günther <a...@sigxcpu.org>
+---
+ src/gclue-client-info.c | 44 +++++++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 41 insertions(+), 3 deletions(-)
+
+diff --git a/src/gclue-client-info.c b/src/gclue-client-info.c
+index d609b34..dd403a6 100644
+--- a/src/gclue-client-info.c
++++ b/src/gclue-client-info.c
+@@ -181,6 +181,42 @@ on_name_vanished (GDBusConnection *connection,
+ 0);
+ }
+
++
++static gchar *
++parse_cgroup_v2 (GStrv lines)
++{
++ const char *unit, *name;
++ char *dash, *xdg_id;
++ g_autofree char *scope = NULL;
++
++ /* Cgroup v2 is always a single line:
++ * 0::/user.slice/user-1000.slice/user@1000.service/app.slice/app-flatpak-org.gnome.Maps-3358.scope
++ */
++ if (g_strv_length (lines) != 2)
++ return NULL;
++
++ if (!g_str_has_prefix (lines[0], "0::"))
++ return NULL;
++
++ unit = lines[0] + strlen ("0::");
++ scope = g_path_get_basename (unit);
++ if (!g_str_has_prefix (scope, "app-flatpak-") ||
++ !g_str_has_suffix (scope, ".scope"))
++ return NULL;
++
++ name = scope + strlen("app-flatpak-");
++ dash = strchr (name, '-');
++ if (dash == NULL)
++ return NULL;
++ *dash = 0;
++
++ xdg_id = g_strdup (name);
++ g_debug ("Found xdg_id %s", xdg_id);
++
++ return xdg_id;
++}
++
++
+ /* Based on got_credentials_cb() from xdg-app source code */
+ static char *
+ get_xdg_id (guint32 pid)
+@@ -188,7 +224,7 @@ get_xdg_id (guint32 pid)
+ char *xdg_id = NULL;
+ g_autofree char *path = NULL;
+ g_autofree char *content = NULL;
+- gchar **lines;
++ g_auto(GStrv) lines = NULL;
+ int i;
+
+ path = g_strdup_printf ("/proc/%u/cgroup", pid);
+@@ -197,6 +233,10 @@ get_xdg_id (guint32 pid)
+ return NULL;
+ lines = g_strsplit (content, "\n", -1);
+
++ xdg_id = parse_cgroup_v2 (lines);
++ if (xdg_id != NULL)
++ return xdg_id;
++
+ for (i = 0; lines[i] != NULL; i++) {
+ const char *unit = lines[i] + strlen ("1:name=systemd:");
+ g_autofree char *scope = NULL;
+@@ -224,8 +264,6 @@ get_xdg_id (guint32 pid)
+ xdg_id = g_strdup (name);
+ }
+
+- g_strfreev (lines);
+-
+ return xdg_id;
+ }
+
diff --git a/debian/patches/series b/debian/patches/series
index edb467d..ec78160 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,3 +3,4 @@
 0003-Revert-Fixed-hang-on-startup-when-client-app-is-a-sy.patch
 0004-service-Stop-the-client-for-system-applications-when.patch
 fix-nowifi-query.patch
+0006-client-info-Support-cgroup-v2.patch
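Review bot: In `parse_cgroup_v2`, `strchr (name, '-')` cuts the ID at the first dash after `app-flatpak-`, so an application ID that itself contains a dash (Flatpak permits one in the last element of an ID, as far as I know) would be returned truncated. If the returned ID is what the location-permission decision is keyed on, which the callers outside this patch would have to confirm, one app could be evaluated under another app's ID; cutting at the dash in front of the numeric suffix instead, `dash = strrchr (name, '-');`, avoids that. The cgroup v1 loop in `get_xdg_id` appears to derive the name the same way, but most of its body lies outside the visible hunks. Separately, the `g_strv_length (lines) != 2` test deserves a comment such as `/* one line plus the empty string g_strsplit() yields after the trailing newline */`, because the block comment above it speaks of a single line.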