From 14489deb0a26f3dbeaef417d16a57ea4cf3e12bb Mon Sep 17 00:00:00 2001 From: Martin Pulec Date: Mon, 12 Sep 2022 13:51:15 +0200 Subject: [PATCH] AppImage: set TMPDIR to a writable path --- data/scripts/Linux-AppImage/AppRun | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/data/scripts/Linux-AppImage/AppRun b/data/scripts/Linux-AppImage/AppRun index 3c660719f..0bb9f7671 100755 --- a/data/scripts/Linux-AppImage/AppRun +++ b/data/scripts/Linux-AppImage/AppRun @@ -180,7 +180,8 @@ if [ -n "${ULTRAGRID_USE_FIREJAIL-}" ] && [ "$ULTRAGRID_USE_FIREJAIL" != 0 ] && if expr "$ULTRAGRID_USE_FIREJAIL" : '.*\.profile' >/dev/null; then FIREJAIL_OPTS="--profile=$ULTRAGRID_USE_FIREJAIL" else - FIREJAIL_OPTS="--caps.drop=all --ipc-namespace --nonewprivs --noroot --protocol=unix,inet,inet6,netlink --seccomp --shell=none --disable-mnt --private-bin=none --private-opt=none --read-only=/tmp --writable-var" + FJ_TMPDIR=${TMPDIR-/tmp/ultragrid-$(id -u)} + FIREJAIL_OPTS="--caps.drop=all --ipc-namespace --nonewprivs --noroot --protocol=unix,inet,inet6,netlink --seccomp --shell=none --disable-mnt --private-bin=none --private-opt=none --read-only=/tmp --mkdir=$FJ_TMPDIR --read-write=$FJ_TMPDIR --writable-var" FIREJAIL_OPTS="$FIREJAIL_OPTS $(get_firejail_whitelist "$@") --private-etc=alsa,group,hostname,ld.so.conf,ld.so.cache,ld.so.conf.d,nsswitch.conf,passwd,resolv.conf --ignore=novideo" fi if firejail --version | grep -iq "d-\{0,1\}bus.*enabled"; then @@ -189,7 +190,7 @@ if [ -n "${ULTRAGRID_USE_FIREJAIL-}" ] && [ "$ULTRAGRID_USE_FIREJAIL" != 0 ] && if firejail --help | grep -q -- --keep-var-tmp; then FIREJAIL_OPTS="$FIREJAIL_OPTS --keep-var-tmp" fi - RUN="firejail --env=LD_PRELOAD=${LD_PRELOAD} --env=LD_LIBRARY_PATH=${LD_LIBRARY_PATH} --env=UG_FONT_DIR=${UG_FONT_DIR} $FIREJAIL_OPTS " + RUN="firejail --env=LD_PRELOAD=${LD_PRELOAD} --env=LD_LIBRARY_PATH=${LD_LIBRARY_PATH}${FJ_TMPDIR+ --env=TMPDIR=${FJ_TMPDIR}} --env=UG_FONT_DIR=${UG_FONT_DIR} $FIREJAIL_OPTS " fi if [ $# -eq 0 ] || [ "${1-}" = "--gui" ]; then