flatpak icon indicating copy to clipboard operation
flatpak copied to clipboard

Published 20 hours ago verified publisher icon flatpak

run: Don't inherhit LD_PRELOAD from the host

Open TingPing opened this issue 1 year ago • 7 comments

I don't think this env var makes much sense to pass into the sandbox for similar reasons to LD_LIBRARY_PATH. Libraries from the host just aren't relevant.

Users can still pass --env=LD_PRELOAD=/foo to use this functionality.

TingPing avatar Apr 04 '24 21:04 TingPing

There is a comment below that says:

If updating this list, also update the list in flatpak-run.xml.

It's easy to miss since it's in the middle of the list so perhaps should be moved on top.

Erick555 avatar Apr 05 '24 00:04 Erick555

For completeness, we might want to do the same for LD_AUDIT, which is like LD_PRELOAD but more so.

smcv avatar Apr 05 '24 10:04 smcv

Users can still pass --env=LD_PRELOAD=/foo to use this functionality.

Did you test this? It would be good to know for sure that it's true.

smcv avatar Apr 05 '24 10:04 smcv

Did you test this? It would be good to know for sure that it's true.

Yes I confirmed it works.

TingPing avatar Apr 08 '24 13:04 TingPing

run: Don't inherhit…

Typo: should say inherit

smcv avatar Apr 08 '24 13:04 smcv

Hmm, I actually hit some failures:

error: Can't open generated ld.so.cache

So I'll check this out later.

TingPing avatar Apr 08 '24 13:04 TingPing

This happens on main, so it must be a badly configured build, but I'll verify everything is good before merging.

TingPing avatar Apr 08 '24 13:04 TingPing

I'll verify everything is good before merging

Not merging this right now because it's still marked as draft, but the change looks good, so please re-test.

smcv avatar Apr 24 '24 11:04 smcv