Sebastian Wick

> [](https://gitlab.freedesktop.org/dbus/dbus/-/issues/171)I'm not unaware of this, this was designed by me and simon in 2017. But I'd like to point that it has gone nowhere in the 5 years since...

> We then use that pid's namespace for pid mapping We lookup the pid namespace of the app sandbox, not the pid namespace of the calling process. https://github.com/flatpak/xdg-desktop-portal/blob/main/src/xdp-utils.c#L2098-L2111 TBH I...

`xdp_invocation_lookup_app_info_sync` eventually calls `parse_app_info_from_flatpak_info` with the PID of the DBus proxy which looks at `/proc/$pid/root/.flatpak-info`. That file should contain the information about the correct appid, not something about the DBus...

Why does WebKit create bwrapinfo.json? If the portal doesn't work with host programs, we should fix that.

Right, but it's still a host program which spawns its own bwrap sandbox and not a sandboxed app! This leaks implementation details of flatpak into a host program to be...

Doing PID/TID mapping can be done trivially for unsanboxed apps because dbus even gives us a correct (as in non-proxy) pidfd. pidfd from dbus connection: https://github.com/swick/xdg-desktop-portal/blob/051e9d49dcb75c22df245c8a8f902a751fa4538b/src/xdp-utils.c#L995 pidfd->pidns: https://github.com/swick/xdg-desktop-portal/blob/051e9d49dcb75c22df245c8a8f902a751fa4538b/src/xdp-utils.c#L2027 And then...

Yikes, that's cursed. There is no way to do the pid mapping without help there. Never mind then. With the Containers1 thing I'm working on the pid mapping (and everything...

@smcv might also be interested

LGTM

What might be a good idea is an option in flatpak-builder which builds the same manifest two times but with a different environment. flatpak already fixes some sources of non-reproducible...