[Feature Request] Move single-instance socket into dedicated directory #25353
Comments
|
The socket is in /tmp and it works just fine with flatpak and snap. Ask firejail to have a shared /tmp, this won't be changed, sorry. |
When I run telegram without any sandbox, it ends up in What causes the change in behaviour?
No worries, I can share a |
Still curious about this tho. |
There's no any condition to use $XDG_RUNTIME_DIR, so that's strange, it shouldn't do that |
|
Unless Qt does some smart voo-doo magic, of course |
|
When I run |
|
apparently QDir::tempPath decides so |
|
I can't reproduce, btw |
|
Are you sure it's not RuntimeLocation? Is $XDR_RUNTIME_DIR set for you?
RuntimeLocation uses that but falls back to /tmp.
https://github.com/qt/qtbase/blob/ce0d7477a91d73a642bf1f3b34eb7e89f4dfab9e/src/corelib/io/qstandardpaths_unix.cpp#L256-L277
…On Tue, 15 Nov 2022, at 21:54, ilya-fedin wrote:
apparently QDir::tempPath decides so
—
Reply to this email directly, view it on GitHub <#25353 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAFSNOYYXCJJKJL5WMJKZ2LWIPZ65ANCNFSM6AAAAAASBFNDWI>.
You are receiving this because you modified the open/close state.Message ID: ***@***.***>
--
Hugo
|
In 1.9.7..4.3.0 it's RuntimeLocation. In older and newer versions it's QDir::tempPath.
Yes |
Since migration to Qt 6, people periodically creating issues about incorrect single instance check in flatpak. This goes from the fact Qt 6 does permission checks on the XDG_RUNTIME_DIR and there's no easy way to work around that, so declare we don't support those flatpak versions. Specifying the version that added shared /tmp support.
Is your feature request related to a problem?
Sandboxing mechanism can expose parts of the host filesystem into a sandbox by bind-mounting them. For example, one can mount
~/.local/share/TelegramDesktopinto the same path in a sandbox and Telegram works (assuming the path to the binary and required libraries have been mounted too).Generally, it is possible can bind-mount any type of file, but it MUST exist on the host.
Telegram Desktop creates its single-instance directory inside
$XDG_RUNTIME_DIR, with a non-obvious filename. There's no way for sand-boxing mechanism to ensure that the socket is visible to a second process oftelegram-desktopwithout exposing other sensitive files in$XDG_RUNTIME_DIR. (more on this on "Describe alternatives you've considered" below).Describe the solution you'd like
A common pattern is to use a dedicated directory. For example, KeePassXC creates its browser-integration socket in a dedicated directory (
$XDG_RUNTIME_DIR/app/org.keepassxc.KeePassXC/). This ensures the same directory can be mounted on multiple sandboxes, and the same socket is visible to all of them (in this particular case the same directory is also mounted into the brower's sandbox, but that's beside the point here).I'd like to propose moving the single-instance sockets into the
$XDG_RUNTIME_DIR/app/org.telegram.desktop/directory, with the filename remaining the same as it is now (or whatever you want it to be).Describe alternatives you've considered
Exposing all of
$XDG_RUNTIME_DIRexposes a lot of sensitive sockets into the sandbox (e.g.: docker control socket, ssh-agent socket, and a few others).Hardcoding the filename is not an option; it's impossible to mount the socket if it doesn't exist first. However the socket will be created by telegram after it starts up, but telegram can only run after all the mounting has been completed.
Additional context
A vaguely similar issue for keepasxc: keepassxreboot/keepassxc#8018
I've seen #16349 and #16350. The intent seemed to have been similar.
Currently, with firejail, telegram will just spawn a second instance. I'm using my own sandboxing with bubblewrap, and the same issue occurs.
The text was updated successfully, but these errors were encountered: