Flatpak Request for hardened_malloc

qoijjj · December 5, 2023, 7:19am

Project information:

Hardened allocator designed for modern systems. It has integration into Android’s Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-based platforms. It will gain more portability / integration over time.

Name: hardened_malloc
Homepage: GitHub - GrapheneOS/hardened_malloc: Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-based platforms. It will gain more portability / integration over time.
License: MIT
Upstream has been contacted: N/A

Additional details:

github.com/flatpak/flatpak

[Question]: What is the recommend method to have LD_PRELOAD honored by flatpak applications?

opened 06:10PM - 04 Dec 23 UTC

qoijjj

enhancement

### Checklist - [X] I agree to follow the [Code of Conduct](https://github.com/…flatpak/flatpak/blob/main/CODE_OF_CONDUCT.md) that this project adheres to. - [X] I have searched the [issue tracker](https://www.github.com/flatpak/flatpak/issues) for a feature request that matches the one I want to file, without success. ### Suggestion There is a partially related comment I made here: https://github.com/flatpak/flatpak/issues/5575#issuecomment-1837706101 But that doesn't fully capture the question. The question is, what is the method recommended by flatpak officially to have LD_PRELOAD honored by flatpak applications?

github.com/flatpak/flatpak

[Bug]: Can't access `/usr` with permission

opened 09:46AM - 02 Nov 23 UTC

closed 03:57PM - 02 Nov 23 UTC

JakobDev

bug

### Checklist - [X] I agree to follow the [Code of Conduct](https://github.com/…flatpak/flatpak/blob/main/CODE_OF_CONDUCT.md) that this project adheres to. - [X] I have searched the [issue tracker](https://www.github.com/flatpak/flatpak/issues) for a bug that matches the one I want to file, without success. - [X] If this is an issue with a particular app, I have tried filing it in the appropriate issue tracker for the app (e.g. under https://github.com/flathub/) and determined that it is an issue with Flatpak itself. - [X] This issue is not a report of a security vulnerability (see [here](https://github.com/flatpak/flatpak/blob/main/SECURITY.md) if you need to report a security issue). ### Flatpak version 1.15.4 ### What Linux distribution are you using? Manjaro Linux ### Linux distribution version latest ### What architecture are you using? x86_64 ### How to reproduce Give a Flatpak the `filesystem=host:ro` permission. now you can access the `/usr `directory f the Host as `/run/host/usr` inside the Flatpak. Now remove the `filesystem=host:ro` permission and add the `filesystem=/usr/share/applications:ro` instead. ### Expected Behavior You should be able to access `/usr/share/applications` from the host inside the Flatpak as `/run/host/usr/share/applications`. ### Actual Behavior When starting the Flatpak you get an `F: Not sharing "/usr/share/applications" with sandbox: Path "/usr" is reserved by Flatpak` error and can't access the directory. ### Additional Information _No response_

razzeee · December 5, 2023, 8:38am

Hey, we’re very focused on the flathub part of the stack here, so you probably won’t reach many core flatpak devs here. You probably want to raise this over at GitHub - flatpak/flatpak: Linux application sandboxing and distribution framework