Add env variable to disable sandbox escape

zed-industries · May 26, 2024 · 266fe56 · 266fe56
1 parent a7a2aa7
commit 266fe56
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 3 deletions.
diff --git a/crates/cli/src/main.rs b/crates/cli/src/main.rs
@@ -79,6 +79,9 @@ fn main() -> Result<()> {
     }
     let args = Args::parse();
 
+    #[cfg(target_os = "linux")]
+    let args = flatpak::set_bin_if_no_escape(args);
+
     let app = Detect::detect(args.zed.as_deref()).context("Bundle detection")?;
 
     if args.version {
@@ -290,6 +293,7 @@ mod flatpak {
     use std::{env, process};
 
     const EXTRA_LIB_ENV_NAME: &'static str = "ZED_FLATPAK_LIB_PATH";
+    const NO_ESCAPE_ENV_NAME: &'static str = "ZED_FLATPAK_NO_ESCAPE";
 
     /// Adds bundled libraries to LD_LIBRARY_PATH if running under flatpak
     pub fn ld_extra_libs() {
@@ -338,7 +342,25 @@ mod flatpak {
         }
     }
 
+    pub fn set_bin_if_no_escape(mut args: super::Args) -> super::Args {
+        if env::var(NO_ESCAPE_ENV_NAME).is_ok()
+            && env::var("FLATPAK_ID").map_or(false, |id| id.starts_with("dev.zed.Zed"))
+        {
+            println!("test");
+            if args.zed.is_none() {
+                args.zed = Some("/app/bin/zed-app".into());
+                env::set_var("ZED_IS_FLATPAK_INSTALL", "1");
+                println!("{:#?}", env::vars());
+            }
+        }
+        args
+    }
+
     fn get_flatpak_dir() -> Option<PathBuf> {
+        if env::var(NO_ESCAPE_ENV_NAME).is_ok() {
+            return None;
+        }
+
         if let Ok(flatpak_id) = env::var("FLATPAK_ID") {
             if !flatpak_id.starts_with("dev.zed.Zed") {
                 return None;

diff --git a/crates/zed/resources/flatpak/manifest-template.json b/crates/zed/resources/flatpak/manifest-template.json
@@ -3,9 +3,20 @@
   "runtime": "org.freedesktop.Platform",
   "runtime-version": "23.08",
   "sdk": "org.freedesktop.Sdk",
-  "sdk-extensions": ["org.freedesktop.Sdk.Extension.rust-stable"],
+  "sdk-extensions": [
+    "org.freedesktop.Sdk.Extension.rust-stable"
+  ],
   "command": "zed",
-  "finish-args": ["--talk-name=org.freedesktop.Flatpak"],
+  "finish-args": [
+    "--talk-name=org.freedesktop.Flatpak",
+    "--device=dri",
+    "--share=ipc",
+    "--share=network",
+    "--socket=wayland",
+    "--socket=fallback-x11",
+    "--socket=pulseaudio",
+    "--filesystem=host"
+  ],
   "build-options": {
     "append-path": "/usr/lib/sdk/rust-stable/bin"
   },
@@ -45,4 +56,4 @@
       ]
     }
   ]
-}
+}