flatpak/backport-0001-CVE-2022-21682.patch

From 949a3ec479d5ca0c962cf12adec70aea30bf0186 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Mon, 20 Jan 2020 19:20:14 +0000
Subject: [PATCH] context: Generalize handling of special filesystems a bit

Currently there are only "home" and "host", but I'm going to add one
that represents /usr and friends (/usr, /lib, ...), and one for /etc.
These differ from ordinary filesystem mounts because they are redirected
into /run/host to avoid conflicting with the runtime.

Signed-off-by: Simon McVittie <smcv@collabora.com>

Conflict:NA
Reference:https://github.com/flatpak/flatpak/commit/949a3ec479d5ca0c962cf12adec70aea30bf0186

---
 common/flatpak-context.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/common/flatpak-context.c b/common/flatpak-context.c
index 6df9b1e..4892d7b 100644
--- a/common/flatpak-context.c
+++ b/common/flatpak-context.c
@@ -78,6 +78,12 @@ const char *flatpak_context_features[] = {
   NULL
 };
 
+const char *flatpak_context_special_filesystems[] = {
+  "home",
+  "host",
+  NULL
+};
+
 FlatpakContext *
 flatpak_context_new (void)
 {
@@ -747,9 +753,7 @@ flatpak_context_verify_filesystem (const char *filesystem_and_mode,
 {
   g_autofree char *filesystem = parse_filesystem_flags (filesystem_and_mode, NULL);
 
-  if (strcmp (filesystem, "host") == 0)
-    return TRUE;
-  if (strcmp (filesystem, "home") == 0)
+  if (g_strv_contains (flatpak_context_special_filesystems, filesystem))
     return TRUE;
   if (get_xdg_user_dir_from_string (filesystem, NULL, NULL, NULL))
     return TRUE;
@@ -1988,8 +1992,7 @@ flatpak_context_export (FlatpakContext *context,
       const char *filesystem = key;
       FlatpakFilesystemMode mode = GPOINTER_TO_INT (value);
 
-      if (strcmp (filesystem, "host") == 0 ||
-          strcmp (filesystem, "home") == 0)
+      if (g_strv_contains (flatpak_context_special_filesystems, filesystem))
         continue;
 
       if (g_str_has_prefix (filesystem, "xdg-"))
-- 
2.27.0