Containers: Replace "name" with the app ID and instance ID

This aligns it with the analogous Wayland specification
security-context-v1, and in particular allows Flatpak-aware applications
to look up the instance's sandboxing parameters and other metadata.

Helps: https://gitlab.freedesktop.org/dbus/dbus/-/issues/479
Signed-off-by: Simon McVittie <smcv@collabora.com>

bus/connection.c

@@ -595,7 +595,8 @@ cache_peer_loginfo_string (BusConnectionData *d,
   dbus_bool_t prev_added;
   const char *container = NULL;
   const char *container_type = NULL;
-  const char *container_name = NULL;
+  const char *app_id = NULL;
+  const char *instance_id = NULL;
   DBusCredentials *credentials;
 
   if (!_dbus_string_init (&loginfo_buf))
@@ -679,7 +680,8 @@ cache_peer_loginfo_string (BusConnectionData *d,
   /* This does have to come from the connection, not the credentials */
   if (bus_containers_connection_is_contained (connection, &container,
                                               &container_type,
-                                              &container_name))
+                                              &app_id,
+                                              &instance_id))
     {
       dbus_bool_t did_append;
 
@@ -690,10 +692,11 @@ cache_peer_loginfo_string (BusConnectionData *d,
         }
 
       did_append = _dbus_string_append_printf (&loginfo_buf,
-                                               "container=%s %s=\"%s\")",
+                                               "container=%s %s=\"%s\" inst=\"%s\")",
                                                container,
                                                container_type,
-                                               container_name);
+                                               app_id,
+                                               instance_id);
       if (!did_append)
         goto oom;
       else
@@ -2485,7 +2488,7 @@ bus_transaction_send (BusTransaction *transaction,
 
       if (sender == NULL ||
           !bus_containers_connection_is_contained (sender, &path,
-                                                   NULL, NULL))
+                                                   NULL, NULL, NULL))
         path = "/";
 
       if (!dbus_message_set_container_path (message, path))

bus/containers.c

@@ -53,7 +53,8 @@ typedef struct
   int refcount;
   char *path;
   char *type;
-  char *name;
+  char *app_id;
+  char *instance_id;
   DBusVariant *metadata;
   BusContext *context;
   BusContainers *containers;
@@ -339,7 +340,8 @@ bus_container_server_unref (BusContainerServer *self)
       dbus_connection_unref (self->creator);
       dbus_free (self->path);
       dbus_free (self->type);
-      dbus_free (self->name);
+      dbus_free (self->app_id);
+      dbus_free (self->instance_id);
       dbus_free (self);
     }
 }
@@ -397,7 +399,8 @@ bus_container_server_new (BusContext *context,
 
   self->refcount = 1;
   self->type = NULL;
-  self->name = NULL;
+  self->app_id = NULL;
+  self->instance_id = NULL;
   self->metadata = NULL;
   self->context = bus_context_ref (context);
   self->containers = bus_containers_ref (containers);
@@ -511,7 +514,7 @@ new_connection_cb (DBusServer     *lower_level_server,
                        "Closing connection to container server "
                        "%s (%s \"%s\") because it would exceed resource limit "
                        "(max_connections_per_container=%d)",
-                       server->path, server->type, server->name, limit);
+                       server->path, server->type, server->app_id, limit);
       return;
     }
 
@@ -680,7 +683,8 @@ bus_containers_handle_add_server (DBusConnection *connection,
   DBusMessageIter writer;
   DBusMessageIter array_writer;
   const char *type;
-  const char *name;
+  const char *app_id;
+  const char *instance_id;
   const char *path;
   BusContainerServer *server = NULL;
   BusContext *context;
@@ -732,7 +736,7 @@ bus_containers_handle_add_server (DBusConnection *connection,
     }
 
   /* We already checked this in bus_driver_handle_message() */
-  _dbus_assert (dbus_message_has_signature (message, "ssa{sv}a{sv}"));
+  _dbus_assert (dbus_message_has_signature (message, "sssa{sv}a{sv}"));
 
   /* Argument 0: Container type */
   if (!dbus_message_iter_init (message, &iter))
@@ -753,18 +757,29 @@ bus_containers_handle_add_server (DBusConnection *connection,
       goto fail;
     }
 
-  /* Argument 1: Name as defined by container manager */
+  /* Argument 1: app-ID as defined by container manager */
   if (!dbus_message_iter_next (&iter))
     _dbus_assert_not_reached ("Message type was already checked");
 
   _dbus_assert (dbus_message_iter_get_arg_type (&iter) == DBUS_TYPE_STRING);
-  dbus_message_iter_get_basic (&iter, &name);
-  server->name = _dbus_strdup (name);
+  dbus_message_iter_get_basic (&iter, &app_id);
+  server->app_id = _dbus_strdup (app_id);
 
-  if (server->name == NULL)
+  if (server->app_id == NULL)
     goto oom;
 
-  /* Argument 2: Metadata as defined by container manager */
+  /* Argument 2: instance-ID as defined by container manager */
+  if (!dbus_message_iter_next (&iter))
+    _dbus_assert_not_reached ("Message type was already checked");
+
+  _dbus_assert (dbus_message_iter_get_arg_type (&iter) == DBUS_TYPE_STRING);
+  dbus_message_iter_get_basic (&iter, &instance_id);
+  server->instance_id = _dbus_strdup (instance_id);
+
+  if (server->instance_id == NULL)
+    goto oom;
+
+  /* Argument 3: Metadata as defined by container manager */
   if (!dbus_message_iter_next (&iter))
     _dbus_assert_not_reached ("Message type was already checked");
 
@@ -781,7 +796,8 @@ bus_containers_handle_add_server (DBusConnection *connection,
    * int value. */
   metadata_size = _dbus_variant_get_length (server->metadata) +
                   (int) strlen (type) +
-                  (int) strlen (name);
+                  (int) strlen (app_id) +
+                  (int) strlen (instance_id);
   limit = bus_context_get_max_container_metadata_bytes (context);
 
   if (metadata_size > limit)
@@ -801,7 +817,7 @@ bus_containers_handle_add_server (DBusConnection *connection,
       goto fail;
     }
 
-  /* Argument 3: Named parameters */
+  /* Argument 4: Named parameters */
   if (!dbus_message_iter_next (&iter))
     _dbus_assert_not_reached ("Message type was already checked");
 
@@ -1216,7 +1232,8 @@ bus_containers_handle_get_connection_info (DBusConnection *caller,
 
   if (!dbus_message_append_args (reply,
                                  DBUS_TYPE_STRING, &server->type,
-                                 DBUS_TYPE_STRING, &server->name,
+                                 DBUS_TYPE_STRING, &server->app_id,
+                                 DBUS_TYPE_STRING, &server->instance_id,
                                  DBUS_TYPE_INVALID))
     goto oom;
 
@@ -1300,7 +1317,8 @@ bus_containers_handle_get_server_info (DBusConnection *connection,
 
   if (!dbus_message_append_args (reply,
                                  DBUS_TYPE_STRING, &server->type,
-                                 DBUS_TYPE_STRING, &server->name,
+                                 DBUS_TYPE_STRING, &server->app_id,
+                                 DBUS_TYPE_STRING, &server->instance_id,
                                  DBUS_TYPE_INVALID))
     goto oom;
 
@@ -1452,7 +1470,8 @@ dbus_bool_t
 bus_containers_connection_is_contained (DBusConnection *connection,
                                         const char **path,
                                         const char **type,
-                                        const char **name)
+                                        const char **app_id,
+                                        const char **instance_id)
 {
 #ifdef DBUS_ENABLE_CONTAINERS
   BusContainerServer *server;
@@ -1467,8 +1486,11 @@ bus_containers_connection_is_contained (DBusConnection *connection,
       if (type != NULL)
         *type = server->type;
 
-      if (name != NULL)
-        *name = server->name;
+      if (app_id != NULL)
+        *app_id = server->app_id;
+
+      if (instance_id != NULL)
+        *instance_id = server->instance_id;
 
       return TRUE;
     }

bus/containers.h

@@ -66,7 +66,8 @@ void        bus_containers_remove_connection          (BusContainers *self,
 dbus_bool_t bus_containers_connection_is_contained    (DBusConnection *connection,
                                                        const char **path,
                                                        const char **type,
-                                                       const char **name);
+                                                       const char **app_id,
+                                                       const char **instance_id);
 
 static inline void
 bus_clear_containers (BusContainers **containers_p)

bus/driver.c

@@ -118,7 +118,7 @@ bus_driver_check_caller_is_not_container (DBusConnection *connection,
                                           DBusMessage    *message,
                                           DBusError      *error)
 {
-  if (bus_containers_connection_is_contained (connection, NULL, NULL, NULL))
+  if (bus_containers_connection_is_contained (connection, NULL, NULL, NULL, NULL))
     {
       const char *method = dbus_message_get_member (message);
 
@@ -2033,7 +2033,7 @@ bus_driver_fill_connection_credentials (DBusCredentials *credentials,
 
   /* This has to come from the connection, not the credentials */
   if (peer_conn != NULL &&
-      bus_containers_connection_is_contained (peer_conn, &path, NULL, NULL))
+      bus_containers_connection_is_contained (peer_conn, &path, NULL, NULL, NULL))
     {
       if (!_dbus_asv_add_object_path (asv_iter,
                                       DBUS_INTERFACE_CONTAINERS1 ".Path",
@@ -2647,16 +2647,16 @@ static const MessageHandler introspectable_message_handlers[] = {
 
 #ifdef DBUS_ENABLE_CONTAINERS
 static const MessageHandler containers_message_handlers[] = {
-  { "AddServer", "ssa{sv}a{sv}", "oays", bus_containers_handle_add_server,
+  { "AddServer", "sssa{sv}a{sv}", "oays", bus_containers_handle_add_server,
     METHOD_FLAG_NO_CONTAINERS },
   { "StopServer", "o", "", bus_containers_handle_stop_server,
     METHOD_FLAG_NO_CONTAINERS },
   { "StopListening", "o", "", bus_containers_handle_stop_listening,
     METHOD_FLAG_NO_CONTAINERS },
-  { "GetConnectionInfo", "s", "oa{sv}ssa{sv}",
+  { "GetConnectionInfo", "s", "oa{sv}sssa{sv}",
     bus_containers_handle_get_connection_info,
     METHOD_FLAG_NONE },
-  { "GetServerInfo", "o", "a{sv}ssa{sv}", bus_containers_handle_get_server_info,
+  { "GetServerInfo", "o", "a{sv}sssa{sv}", bus_containers_handle_get_server_info,
     METHOD_FLAG_NONE },
   { "RequestHeader", "", "", bus_containers_handle_request_header,
     METHOD_FLAG_NONE },

doc/dbus-specification.xml

@@ -7484,7 +7484,8 @@
           As a method:
           <programlisting>
             AddServer (in STRING container_type,
-                       in STRING container_name,
+                       in STRING app_id,
+                       in STRING instance_id,
                        in DICT&lt;STRING,VARIANT&gt; metadata,
                        in DICT&lt;STRING,VARIANT&gt; named_arguments,
                        out OBJECT_PATH server_path,
@@ -7529,6 +7530,18 @@
                 </row>
                 <row>
                   <entry>2</entry>
+                  <entry>STRING</entry>
+                  <entry>
+                    Some unique identifier for a particular instance of an
+                    application or container, whose meaning is defined by the
+                    maintainers of the container type. If the container
+                    type does not have a concept of identifying or
+                    naming instances by a string,
+                    using the empty string here is suggested.
+                  </entry>
+                </row>
+                <row>
+                  <entry>3</entry>
                   <entry>DICT&lt;STRING,VARIANT&gt;</entry>
                   <entry>
                     Metadata describing the application or container, with the
@@ -7537,7 +7550,7 @@
                   </entry>
                 </row>
                 <row>
-                  <entry>3</entry>
+                  <entry>4</entry>
                   <entry>DICT&lt;STRING,VARIANT&gt;</entry>
                   <entry>
                     Additional arguments that extend this method.
@@ -7548,7 +7561,7 @@
                   </entry>
                 </row>
                 <row>
-                  <entry>4</entry>
+                  <entry>5</entry>
                   <entry>OBJECT_PATH</entry>
                   <entry>
                     An opaque object path identifying the new container
@@ -7556,7 +7569,7 @@
                   </entry>
                 </row>
                 <row>
-                  <entry>5</entry>
+                  <entry>6</entry>
                   <entry>ARRAY&lt;BYTE&gt;</entry>
                   <entry>
                     The absolute filesystem path of the resulting
@@ -7567,7 +7580,7 @@
                   </entry>
                 </row>
                 <row>
-                  <entry>6</entry>
+                  <entry>7</entry>
                   <entry>STRING</entry>
                   <entry>
                     A connectable D-Bus address, for example
@@ -7593,12 +7606,14 @@
         <para>
           Each call to this method creates a new
           <firstterm>container server</firstterm>, identified by an object
-          path. Even if the specified container type and name are the
-          same as for a pre-existing container server, each call
+          path. Even if the specified container type, app ID and instance ID
+          are the same as for a pre-existing container server, each call
           creates a new server with a new unique object path, because
           the new container server might represent a different
           version of the confined application with different
-          characteristics and restrictions. The message bus may provide
+          characteristics and restrictions (although in practice it is
+          expected that container managers are most likely to create one
+          server per instance ID). The message bus may provide
           an object at the given object path, but is not required to
           do so.
         </para>
@@ -7798,7 +7813,8 @@
                                out OBJECT_PATH server_path,
                                out DICT&lt;STRING,VARIANT&gt; creator,
                                out STRING container_type,
-                               out STRING container_name,
+                               out STRING app_id,
+                               out STRING instance_id,
                                out DICT&lt;STRING,VARIANT&gt; metadata)
           </programlisting>
           Message arguments:
@@ -7863,15 +7879,40 @@
                   <entry>4</entry>
                   <entry>STRING</entry>
                   <entry>
-                    Some unique identifier for an application or container,
+                    A unique identifier for an application or container,
                     whose meaning is defined by the maintainers of the
                     container type.
+                    For example, Flatpak would use a freedesktop.org app ID
+                    such as <literal>org.mozilla.firefox</literal>, but
+                    Snap might use a Snap app ID such as
+                    <literal>firefox</literal>.
                     This output parameter is controlled by the creator
                     of the per-container server.
+                    Depending on the container type, it might be possible
+                    to look up further metadata for the application in a
+                    container-type-specific way.
                   </entry>
                 </row>
                 <row>
                   <entry>5</entry>
+                  <entry>STRING</entry>
+                  <entry>
+                    A unique identifier for a particular instance of an
+                    application or container, whose meaning is defined by
+                    the maintainers of the container type.
+                    For example, Flatpak would use the same numeric
+                    instance ID that is shown by <literal>flatpak ps</literal>.
+                    This output parameter is controlled by the creator
+                    of the per-container server.
+                    Depending on the container type, it might be possible
+                    to look up further metadata for the instance in a
+                    container-type-specific way, for example by reading
+                    <filename>$XDG_RUNTIME_DIR/.flatpak/$INSTANCE/info</filename>
+                    for a Flatpak app.
+                  </entry>
+                </row>
+                <row>
+                  <entry>6</entry>
                   <entry>DICT&lt;STRING,VARIANT&gt;</entry>
                   <entry>
                     Metadata describing the application or container, with the
@@ -7915,7 +7956,8 @@
             GetServerInfo (in OBJECT_PATH server_path,
                            out DICT&lt;STRING,VARIANT&gt; creator,
                            out STRING container_type,
-                           out STRING container_name,
+                           out STRING app_id,
+                           out STRING instance_id,
                            out DICT&lt;STRING,VARIANT&gt; metadata)
           </programlisting>
           Message arguments:
@@ -7979,6 +8021,19 @@
                 </row>
                 <row>
                   <entry>4</entry>
+                  <entry>STRING</entry>
+                  <entry>
+                    Some unique identifier for a particular instance of an
+                    application or container,
+                    the same as the corresponding parameter in
+                    <link linkend="bus-messages-containers1-get-connection-info"
+                      >GetConnectionInfo</link>.
+                    This output parameter is controlled by the creator
+                    of the per-container server.
+                  </entry>
+                </row>
+                <row>
+                  <entry>5</entry>
                   <entry>DICT&lt;STRING,VARIANT&gt;</entry>
                   <entry>
                     Metadata describing the application or container,

test/containers.c

@@ -378,7 +378,8 @@ test_basic (Fixture *f,
   GVariantDict dict;
   const gchar *confined_unique_name;
   const gchar *path_from_query;
-  const gchar *name;
+  const gchar *app_id;
+  const gchar *instance_id;
   const gchar *name_owner;
   const gchar *type;
   guint32 uid;
@@ -391,9 +392,10 @@ test_basic (Fixture *f,
   if (f->skip)
     return;
 
-  parameters = g_variant_new ("(ssa{sv}a{sv})",
+  parameters = g_variant_new ("(sssa{sv}a{sv})",
                               "com.example.NotFlatpak",
                               "sample-app",
+                              "sample-instance",
                               NULL, /* no metadata */
                               NULL); /* no named arguments */
   if (!add_container_server (f, g_steal_pointer (&parameters)))
@@ -517,16 +519,17 @@ test_basic (Fixture *f,
                                   G_DBUS_CALL_FLAGS_NONE, -1, NULL, &f->error);
   g_assert_no_error (f->error);
   g_assert_nonnull (tuple);
-  g_assert_cmpstr (g_variant_get_type_string (tuple), ==, "(oa{sv}ssa{sv})");
-  g_variant_get (tuple, "(&o@a{sv}&s&s@a{sv})",
-                 &path_from_query, &creator, &type, &name, &asv);
+  g_assert_cmpstr (g_variant_get_type_string (tuple), ==, "(oa{sv}sssa{sv})");
+  g_variant_get (tuple, "(&o@a{sv}&s&s&s@a{sv})",
+                 &path_from_query, &creator, &type, &app_id, &instance_id, &asv);
   g_assert_cmpstr (path_from_query, ==, f->server_path);
   g_variant_dict_init (&dict, creator);
   g_assert_true (g_variant_dict_lookup (&dict, "UnixUserID", "u", &uid));
   g_assert_cmpuint (uid, ==, _dbus_getuid ());
   g_variant_dict_clear (&dict);
   g_assert_cmpstr (type, ==, "com.example.NotFlatpak");
-  g_assert_cmpstr (name, ==, "sample-app");
+  g_assert_cmpstr (app_id, ==, "sample-app");
+  g_assert_cmpstr (instance_id, ==, "sample-instance");
   /* Trivial case: the metadata a{sv} is empty */
   g_assert_cmpuint (g_variant_n_children (asv), ==, 0);
   g_clear_pointer (&asv, g_variant_unref);
@@ -539,14 +542,16 @@ test_basic (Fixture *f,
                                   G_DBUS_CALL_FLAGS_NONE, -1, NULL, &f->error);
   g_assert_no_error (f->error);
   g_assert_nonnull (tuple);
-  g_assert_cmpstr (g_variant_get_type_string (tuple), ==, "(a{sv}ssa{sv})");
-  g_variant_get (tuple, "(@a{sv}&s&s@a{sv})", &creator, &type, &name, &asv);
+  g_assert_cmpstr (g_variant_get_type_string (tuple), ==, "(a{sv}sssa{sv})");
+  g_variant_get (tuple, "(@a{sv}&s&s&s@a{sv})",
+                 &creator, &type, &app_id, &instance_id, &asv);
   g_variant_dict_init (&dict, creator);
   g_assert_true (g_variant_dict_lookup (&dict, "UnixUserID", "u", &uid));
   g_assert_cmpuint (uid, ==, _dbus_getuid ());
   g_variant_dict_clear (&dict);
   g_assert_cmpstr (type, ==, "com.example.NotFlatpak");
-  g_assert_cmpstr (name, ==, "sample-app");
+  g_assert_cmpstr (app_id, ==, "sample-app");
+  g_assert_cmpstr (instance_id, ==, "sample-instance");
   /* Trivial case: the metadata a{sv} is empty */
   g_assert_cmpuint (g_variant_n_children (asv), ==, 0);
   g_clear_pointer (&asv, g_variant_unref);
@@ -582,9 +587,10 @@ test_wrong_uid (Fixture *f,
   if (f->skip)
     return;
 
-  parameters = g_variant_new ("(ssa{sv}a{sv})",
+  parameters = g_variant_new ("(sssa{sv}a{sv})",
                               "com.example.NotFlatpak",
                               "sample-app",
+                              "instance1",
                               NULL, /* no metadata */
                               NULL); /* no named arguments */
   if (!add_container_server (f, g_steal_pointer (&parameters)))
@@ -613,7 +619,8 @@ test_wrong_uid (Fixture *f,
 
 /*
  * Test for non-trivial metadata: assert that the metadata a{sv} is
- * carried through correctly, and that the app name is allowed to be empty.
+ * carried through correctly, and that the app/instance IDs are
+ * allowed to be empty.
  */
 static void
 test_metadata (Fixture *f,
@@ -627,7 +634,8 @@ test_metadata (Fixture *f,
   GVariantDict dict;
   const gchar *confined_unique_name;
   const gchar *path_from_query;
-  const gchar *name;
+  const gchar *app_id;
+  const gchar *instance_id;
   const gchar *type;
   guint32 uid;
   guint u;
@@ -642,9 +650,11 @@ test_metadata (Fixture *f,
   g_variant_dict_insert (&dict, "IsCrepuscular", "b", TRUE);
   g_variant_dict_insert (&dict, "NChildren", "u", 2);
 
-  parameters = g_variant_new ("(ss@a{sv}a{sv})",
+  parameters = g_variant_new ("(sss@a{sv}a{sv})",
                               "org.example.Springwatch",
-                              /* Verify that empty app names are OK */
+                              /* Verify that empty app IDs are OK */
+                              "",
+                              /* Verify that empty instance IDs are OK */
                               "",
                               g_variant_dict_end (&dict),
                               NULL); /* no named arguments */
@@ -688,16 +698,17 @@ test_metadata (Fixture *f,
                                   G_DBUS_CALL_FLAGS_NONE, -1, NULL, &f->error);
   g_assert_no_error (f->error);
   g_assert_nonnull (tuple);
-  g_assert_cmpstr (g_variant_get_type_string (tuple), ==, "(oa{sv}ssa{sv})");
-  g_variant_get (tuple, "(&o@a{sv}&s&s@a{sv})",
-                 &path_from_query, &creator, &type, &name, &asv);
+  g_assert_cmpstr (g_variant_get_type_string (tuple), ==, "(oa{sv}sssa{sv})");
+  g_variant_get (tuple, "(&o@a{sv}&s&s&s@a{sv})",
+                 &path_from_query, &creator, &type, &app_id, &instance_id, &asv);
   g_assert_cmpstr (path_from_query, ==, f->server_path);
   g_variant_dict_init (&dict, creator);
   g_assert_true (g_variant_dict_lookup (&dict, "UnixUserID", "u", &uid));
   g_assert_cmpuint (uid, ==, _dbus_getuid ());
   g_variant_dict_clear (&dict);
   g_assert_cmpstr (type, ==, "org.example.Springwatch");
-  g_assert_cmpstr (name, ==, "");
+  g_assert_cmpstr (app_id, ==, "");
+  g_assert_cmpstr (instance_id, ==, "");
   g_variant_dict_init (&dict, asv);
   g_assert_true (g_variant_dict_lookup (&dict, "NChildren", "u", &u));
   g_assert_cmpuint (u, ==, 2);
@@ -717,14 +728,16 @@ test_metadata (Fixture *f,
                                   G_DBUS_CALL_FLAGS_NONE, -1, NULL, &f->error);
   g_assert_no_error (f->error);
   g_assert_nonnull (tuple);
-  g_assert_cmpstr (g_variant_get_type_string (tuple), ==, "(a{sv}ssa{sv})");
-  g_variant_get (tuple, "(@a{sv}&s&s@a{sv})", &creator, &type, &name, &asv);
+  g_assert_cmpstr (g_variant_get_type_string (tuple), ==, "(a{sv}sssa{sv})");
+  g_variant_get (tuple, "(@a{sv}&s&s&s@a{sv})",
+                 &creator, &type, &app_id, &instance_id, &asv);
   g_variant_dict_init (&dict, creator);
   g_assert_true (g_variant_dict_lookup (&dict, "UnixUserID", "u", &uid));
   g_assert_cmpuint (uid, ==, _dbus_getuid ());
   g_variant_dict_clear (&dict);
   g_assert_cmpstr (type, ==, "org.example.Springwatch");
-  g_assert_cmpstr (name, ==, "");
+  g_assert_cmpstr (app_id, ==, "");
+  g_assert_cmpstr (instance_id, ==, "");
   g_variant_dict_init (&dict, asv);
   g_assert_true (g_variant_dict_lookup (&dict, "NChildren", "u", &u));
   g_assert_cmpuint (u, ==, 2);
@@ -789,9 +802,10 @@ test_stop_server (Fixture *f,
                                              &f->error);
   g_assert_no_error (f->error);
 
-  parameters = g_variant_new ("(ssa{sv}a{sv})",
+  parameters = g_variant_new ("(sssa{sv}a{sv})",
                               "com.example.NotFlatpak",
                               "sample-app",
+                              "",
                               NULL, /* no metadata */
                               NULL); /* no named arguments */
   if (!add_container_server (f, g_steal_pointer (&parameters)))
@@ -1211,9 +1225,10 @@ test_unsupported_parameter (Fixture *f,
                          "ThisArgumentIsntImplemented",
                          "b", FALSE);
 
-  parameters = g_variant_new ("(ssa{sv}@a{sv})",
+  parameters = g_variant_new ("(sssa{sv}@a{sv})",
                               "com.example.NotFlatpak",
                               "sample-app",
+                              "",
                               NULL, /* no metadata */
                               g_variant_dict_end (&named_argument_builder));
   tuple = g_dbus_proxy_call_sync (f->proxy, "AddServer",
@@ -1251,9 +1266,10 @@ test_invalid_type_name (Fixture *f,
                                     NULL, &f->error);
   g_assert_no_error (f->error);
 
-  parameters = g_variant_new ("(ssa{sv}a{sv})",
+  parameters = g_variant_new ("(sssa{sv}a{sv})",
                               "this is not a valid container type name",
                               "sample-app",
+                              "",
                               NULL, /* no metadata */
                               NULL); /* no named arguments */
   tuple = g_dbus_proxy_call_sync (f->proxy, "AddServer",
@@ -1286,9 +1302,10 @@ test_invalid_nesting (Fixture *f,
   if (f->skip)
     return;
 
-  parameters = g_variant_new ("(ssa{sv}a{sv})",
+  parameters = g_variant_new ("(sssa{sv}a{sv})",
                               "com.example.NotFlatpak",
                               "sample-app",
+                              "instance0",
                               NULL, /* no metadata */
                               NULL); /* no named arguments */
   if (!add_container_server (f, g_steal_pointer (&parameters)))
@@ -1310,9 +1327,10 @@ test_invalid_nesting (Fixture *f,
                                         &f->error);
   g_assert_no_error (f->error);
 
-  parameters = g_variant_new ("(ssa{sv}a{sv})",
+  parameters = g_variant_new ("(sssa{sv}a{sv})",
                               "com.example.NotFlatpak",
                               "inner-app",
+                              "instance1",
                               NULL, /* no metadata */
                               NULL); /* no named arguments */
   tuple = g_dbus_proxy_call_sync (nested_proxy, "AddServer",
@@ -1359,9 +1377,10 @@ test_max_containers (Fixture *f,
                                     NULL, &f->error);
   g_assert_no_error (f->error);
 
-  parameters = g_variant_new ("(ssa{sv}a{sv})",
+  parameters = g_variant_new ("(sssa{sv}a{sv})",
                               "com.example.NotFlatpak",
                               "sample-app",
+                              "instance1",
                               NULL, /* no metadata */
                               NULL); /* no named arguments */
   /* We will reuse this variant several times, so don't use floating refs */
@@ -1469,9 +1488,10 @@ test_max_connections_per_container (Fixture *f,
                                     NULL, &f->error);
   g_assert_no_error (f->error);
 
-  parameters = g_variant_new ("(ssa{sv}a{sv})",
+  parameters = g_variant_new ("(sssa{sv}a{sv})",
                               "com.example.NotFlatpak",
                               "sample-app",
+                              "",
                               NULL, /* no metadata */
                               NULL); /* no named arguments */
   /* We will reuse this variant several times, so don't use floating refs */
@@ -1619,9 +1639,10 @@ test_max_container_metadata_bytes (Fixture *f,
                                                     1));
 
   /* Floating reference, call_..._sync takes ownership */
-  parameters = g_variant_new ("(ss@a{sv}a{sv})",
+  parameters = g_variant_new ("(sss@a{sv}a{sv})",
                               "com.wasteheadquarters",
                               "Packt Like Sardines in a Crushd Tin Box",
+                              "",
                               g_variant_dict_end (&dict),
                               NULL); /* no named arguments */