X-Git-Url: https://glassweightruler.freedombox.rocks/gitweb/waydroid.git/blobdiff_plain/c49dfd272d994b1cdaa14107fee66be84b80c06b..f4506ffd957502bc93ed56ed9b49fc65f3e486bb:/tools/actions/container_manager.py?ds=sidebyside

diff --git a/tools/actions/container_manager.py b/tools/actions/container_manager.py
index e537e18..bb3b650 100644
--- a/tools/actions/container_manager.py
+++ b/tools/actions/container_manager.py
@@ -28,6 +28,9 @@ class DbusContainerManager(dbus.service.Object):
         uid = dbus_info.GetConnectionUnixUser(sender)
         if str(uid) not in ["0", session["user_id"]]:
             raise RuntimeError("Cannot start a session on behalf of another user")
+        pid = dbus_info.GetConnectionUnixProcessID(sender)
+        if str(uid) != "0" and str(pid) != session["pid"]:
+            raise RuntimeError("Invalid session pid")
         do_start(self.args, session)
 
     @dbus.service.method("id.waydro.ContainerManager", in_signature='b', out_signature='')
@@ -139,12 +142,6 @@ def do_start(args, session):
         tools.helpers.run.user(
             args, ["waydroid-sensord", "/dev/" + args.HWBINDER_DRIVER], output="background")
 
-    # Mount rootfs
-    cfg = tools.config.load(args)
-    helpers.images.mount_rootfs(args, cfg["waydroid"]["images_path"], session)
-
-    helpers.protocol.set_aidl_version(args)
-
     # Cgroup hacks
     if which("start"):
         command = ["start", "cgroup-lite"]
@@ -169,6 +166,12 @@ def do_start(args, session):
             helpers.mount.bind(args, session["waydroid_data"],
                                tools.config.defaults["data"])
 
+    # Mount rootfs
+    cfg = tools.config.load(args)
+    helpers.images.mount_rootfs(args, cfg["waydroid"]["images_path"], session)
+
+    helpers.protocol.set_aidl_version(args)
+
     helpers.lxc.start(args)
     services.hardware_manager.start(args)