mirror of
https://github.com/brl/mutter.git
synced 2025-02-15 21:04:10 +00:00
abadb29132
The `ensure_x11_unix_perms` function tries to detect systems on which /tmp/.X11-unix is owned by neither root nor ourselves because in that case the owner can take over the socket we create (symlink races are fixed in linux 800179c9b8a1e796e441674776d11cd4c05d61d7). This should not be possible in the first place and systems should come with some way to ensure that's the case (systemd-tmpfiles, polyinstantiationm …). That check however only works if we see the root user namespace which might not be the case when running in e.g. toolbx. This change relaxes the requirements such that in the root user namespace we detect and abort if a vulnerable system is detected but unconditionally run in toolbx. Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2261>