Segfault when scaling is used
When using native Wayland applications in combination with sandboxing technologies like seccomp, I recently noticed that this combination can lead to some weird behavior when scaling is thrown into the mix.
In my case I used seccomp to deny an application the use of openat with the O_RDWR flag to prevent the application from writing to files. This works fine; however, when scaling is used, the application segfaults on Wayland.
Application logs:
Failed to load cursor theme Adwaita with scale 2
Segmentation fault
Journal log:
segfault at 0 ip 00006ea451ecd69a sp 000075565d1c3710 error 4 in libwayland-cursor.so.0.0.0[6ea451ecd000+2000]
Using strace on the sandboxed process:
openat(AT_FDCWD, 0xbd1ec4e8630, O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC, 0600) = -1 EACCES (Permission denied)
After some debugging, I found this (seccomp disabled, no crash):
openat(AT_FDCWD, "/run/user/1000/wayland-cursor-shared-5LrjF7", O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC, 0600 <unfinished ...>
openat(AT_FDCWD, 0x26b8da8ff00, O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC, 0600) = 11
Doing a Google search on this issue, there seem to be other bugs that are caused by applications not being able to write to /run/user/UID/wayland-cursor-shared-******.
Does this file (which does not exist on my system as far as I can tell) really need to be opened with write permissions?
Even if the crashing process is blocked from writing to this file by something like seccomp or apparmor, I think it should not segfault simply because it has no permissions to access this file, especially since even with the necessary permissions the file is not always accessed successfully in the end.
As it stands now, it seems to be impossible to use effective sandboxing on Wayland applications when scaling is used. Can we solve this somehow? Perhaps by adding an exception for missing permissions to this file access?
Any help on this would be greatly appreciated. Thanks