kiss-flatpak

Flatpak for KISS Linux.
git clone https://git.stjo.hn/kiss-flatpak
Log | Files | Refs | README | LICENSE

commit d38a45b50f59e50be559f7aaad5989a1e35ea836
parent fac10c955204d20991198efd2fa2ca7e4d4e12eb
Author: St John Karp <contact@stjo.hn>
Date:   Sun,  3 Jul 2022 07:41:19 -0400

flatpak: Fix no-libcap patch

The old patch no longer appled, so I manually reapplied these changes
and regenerated the patch.

Diffstat:
Mflatpak/flatpak/patches/no-libcap.patch | 32++++++++++++++++----------------
1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/flatpak/flatpak/patches/no-libcap.patch b/flatpak/flatpak/patches/no-libcap.patch @@ -1,5 +1,5 @@ diff --git a/app/flatpak-builtins-enter.c b/app/flatpak-builtins-enter.c -index 4a7c51d..3cd365f 100644 +index 44e14e9..26ea6b0 100644 --- a/app/flatpak-builtins-enter.c +++ b/app/flatpak-builtins-enter.c @@ -36,21 +36,11 @@ @@ -24,7 +24,7 @@ index 4a7c51d..3cd365f 100644 gboolean flatpak_builtin_enter (int argc, char **argv, -@@ -226,8 +216,6 @@ flatpak_builtin_enter (int argc, +@@ -242,8 +232,6 @@ flatpak_builtin_enter (int argc, if (setuid (uid)) return flatpak_fail (error, _("Can't switch uid")); @@ -33,10 +33,10 @@ index 4a7c51d..3cd365f 100644 envp_array = g_ptr_array_new_with_free_func (g_free); for (e = environment; e < environment + environment_len; e = e + strlen (e) + 1) { -diff --git a/bubblewrap/bubblewrap.c b/bubblewrap/bubblewrap.c -index b3d52bc..59b0076 100644 ---- a/bubblewrap/bubblewrap.c -+++ b/bubblewrap/bubblewrap.c +diff --git a/subprojects/bubblewrap/bubblewrap.c b/subprojects/bubblewrap/bubblewrap.c +index fc2edbb..704e9e8 100644 +--- a/subprojects/bubblewrap/bubblewrap.c ++++ b/subprojects/bubblewrap/bubblewrap.c @@ -28,7 +28,6 @@ #include <sys/eventfd.h> #include <sys/fsuid.h> @@ -45,7 +45,7 @@ index b3d52bc..59b0076 100644 #include <sys/prctl.h> #include <linux/sched.h> #include <linux/seccomp.h> -@@ -586,70 +585,17 @@ static uint32_t requested_caps[2] = {0, 0}; +@@ -593,70 +592,17 @@ static uint32_t requested_caps[2] = {0, 0}; static void set_required_caps (void) { @@ -117,7 +117,7 @@ index b3d52bc..59b0076 100644 } /* Most of the code here is used both to add caps to the ambient capabilities -@@ -659,49 +605,6 @@ has_caps (void) +@@ -666,49 +612,6 @@ has_caps (void) static void prctl_caps (uint32_t *caps, bool do_cap_bounding, bool do_set_ambient) { @@ -167,7 +167,7 @@ index b3d52bc..59b0076 100644 } static void -@@ -748,10 +651,6 @@ acquire_privs (void) +@@ -755,10 +658,6 @@ acquire_privs (void) /* Are we setuid ? */ if (real_uid != euid) { @@ -178,7 +178,7 @@ index b3d52bc..59b0076 100644 /* We want to keep running as euid=0 until at the clone() * operation because doing so will make the user namespace be * owned by root, which makes it not ptrace:able by the user as -@@ -763,19 +662,7 @@ acquire_privs (void) +@@ -770,19 +669,7 @@ acquire_privs (void) * escalated filesystem access before the clone(), so we set * fsuid to the uid. */ @@ -199,7 +199,7 @@ index b3d52bc..59b0076 100644 } else if (real_uid != 0 && has_caps ()) { -@@ -786,18 +673,6 @@ acquire_privs (void) +@@ -793,18 +680,6 @@ acquire_privs (void) } else if (real_uid == 0) { @@ -218,7 +218,7 @@ index b3d52bc..59b0076 100644 } /* Else, we try unprivileged user namespaces */ -@@ -2043,52 +1918,16 @@ parse_args_recurse (int *argcp, +@@ -2187,53 +2062,17 @@ parse_args_recurse (int *argcp, } else if (strcmp (arg, "--cap-add") == 0) { @@ -250,8 +250,8 @@ index b3d52bc..59b0076 100644 { - cap_value_t cap; if (argc < 2) -- die ("--cap-drop takes an argument"); -- + die ("--cap-drop takes an argument"); + - opt_cap_add_or_drop_used = TRUE; - - if (strcasecmp (argv[1], "ALL") == 0) @@ -268,7 +268,7 @@ index b3d52bc..59b0076 100644 - else - requested_caps[1] &= ~CAP_TO_MASK_1 (cap - 32); - } -+ die ("--cap-add takes an argument"); - +- argv += 1; argc -= 1; + }