X-Git-Url: https://glassweightruler.freedombox.rocks/gitweb/waydroid.git/blobdiff_plain/e9d3d01bef8f7021667fe3e4b3fb3c518f3e8b10..c49dfd272d994b1cdaa14107fee66be84b80c06b:/tools/actions/container_manager.py

diff --git a/tools/actions/container_manager.py b/tools/actions/container_manager.py
index 7321c14..e537e18 100644
--- a/tools/actions/container_manager.py
+++ b/tools/actions/container_manager.py
@@ -22,8 +22,12 @@ class DbusContainerManager(dbus.service.Object):
         self.looper = looper
         dbus.service.Object.__init__(self, bus, object_path)
 
-    @dbus.service.method("id.waydro.ContainerManager", in_signature='a{ss}', out_signature='')
-    def Start(self, session):
+    @dbus.service.method("id.waydro.ContainerManager", in_signature='a{ss}', out_signature='', sender_keyword="sender", connection_keyword="conn")
+    def Start(self, session, sender, conn):
+        dbus_info = dbus.Interface(conn.get_object("org.freedesktop.DBus", "/org/freedesktop/DBus/Bus", False), "org.freedesktop.DBus")
+        uid = dbus_info.GetConnectionUnixUser(sender)
+        if str(uid) not in ["0", session["user_id"]]:
+            raise RuntimeError("Cannot start a session on behalf of another user")
         do_start(self.args, session)
 
     @dbus.service.method("id.waydro.ContainerManager", in_signature='b', out_signature='')
@@ -141,10 +145,6 @@ def do_start(args, session):
 
     helpers.protocol.set_aidl_version(args)
 
-    # Mount data
-    helpers.mount.bind(args, session["waydroid_data"],
-                       tools.config.defaults["data"])
-
     # Cgroup hacks
     if which("start"):
         command = ["start", "cgroup-lite"]
@@ -161,6 +161,14 @@ def do_start(args, session):
     # Set permissions
     set_permissions(args)
 
+    # Create session-specific LXC config file
+    helpers.lxc.generate_session_lxc_config(args, session)
+    # Backwards compatibility
+    with open(tools.config.defaults["lxc"] + "/waydroid/config") as f:
+        if "config_session" not in f.read():
+            helpers.mount.bind(args, session["waydroid_data"],
+                               tools.config.defaults["data"])
+
     helpers.lxc.start(args)
     services.hardware_manager.start(args)
 
@@ -196,8 +204,11 @@ def stop(args, quit_session=True):
         # Umount rootfs
         helpers.images.umount_rootfs(args)
 
-        # Umount data
-        helpers.mount.umount_all(args, tools.config.defaults["data"])
+        # Backwards compatibility
+        try:
+            helpers.mount.umount_all(args, tools.config.defaults["data"])
+        except:
+            pass
 
         if "session" in args:
             if quit_session: