Commit graph

6 commits

Author SHA1 Message Date
Daniel Stone
3544c6dcc4 protocols: Add GitLab contact information
This is useful to know who to ping when you want to change something.

Signed-off-by: Daniel Stone <daniels@collabora.com>
2024-10-09 09:07:11 +00:00
Julian Orth
f30b27a0ee security-context-v1: clarify close_fd behavior
Signed-off-by: Julian Orth <ju.orth@gmail.com>
2024-09-25 16:22:51 +00:00
Sebastian Wick
999e443773 security-context-v1: Make sandbox engine names use reverse-DNS
Specifically this also changes the well-known name for flatpak from
"flatpak" to "org.flatpak". This would be a breaking change but there is
no released version of flatpak yet with security-context support.

Signed-off-by: Sebastian Wick <sebastian.wick@redhat.com>
2023-10-24 10:11:33 +00:00
Sebastian Wick
5293896cce security-context-v1: Document what can be done with the open sockets
Specifically that after calling create_listener the only valid operation
on the sockets is to close them. They also must stay open and valid
until a round-trip after the call.

Signed-off-by: Sebastian Wick <sebastian.wick@redhat.com>
2023-07-11 15:27:14 +02:00
Sebastian Wick
b19ee1a7e3 security-context-v1: Document out of band metadata for flatpak
and specify when the invalid_metadata error will be sent.

Signed-off-by: Sebastian Wick <sebastian.wick@redhat.com>
2023-07-11 15:27:02 +02:00
Simon Ser
12c063088e security-context-v1: new protocol
This is a variation of the unveil protocol I suggested in the Weston
issue about security contexts. This lets sandbox engines such as Flatpak
attach a security context to sandboxed clients. The compositor can then
restrict which features are made available to that client.

The protocol is designed around the assumption that the sandbox engine
uses this protocol when setting up the sandboxed application. After this
initial setup, the sandbox engine isn't necessarily running anymore.
For this reason, a special "close FD" is used to indicate when to stop
the security context listener: the sandbox engine can leak the FD into
the sandboxed app's process, and the OS will automatically close the FD
when the sandboxed app exits.

Signed-off-by: Simon Ser <contact@emersion.fr>
References: https://gitlab.freedesktop.org/wayland/weston/-/issues/206
2023-07-03 09:13:08 +00:00