UnifiedPush

Sandbox Linux apps

If you distribute a Linux application that uses UnifiedPush, you may wish to restrict how it can interact with other UnifiedPush applications and with the push service.

Introduction

UnifiedPush on Linux uses D-Bus. D-Bus is a common Inter-Process Communication (IPC) mechanism on Linux: applications claim ownership of a service name and talk to other services by name. An application supporting UnifiedPush needs to own a service name of its own and to talk to the distributor services on the session bus, whose names always start with the prefix org.unifiedpush.Distributor. (trailing dot included).

By default, D-Bus lets any connection claim a service name that nobody else owns yet. An application can therefore impersonate a service and receive messages (potentially sensitive information) that were meant for it. This is why it is recommended to restrict the application's access to D-Bus as much as possible.

Flatpak

By default, an application distributed with Flatpak has limited access to the session D-Bus instance: it can only own its own name on the bus (see Sandbox Permissions).

If your application uses its Flatpak name as its D-Bus service name, you don't have to declare anything for the ownership; otherwise, declare the name it owns with --own-name=.

systemd

systemd is a common service manager on Linux. By default, it doesn't provide any interface to sandbox communication on D-Bus, but it is possible to use xdg-dbus-proxy to achieve that. xdg-dbus-proxy was originally part of the flatpak project but has since been broken out as a standalone module.

To do so, you need to make your service depend on another service that runs the proxy. Below, myservice.service is your main systemd service unit, and it will now depend on dbus-myservice.service. You need to add or edit After, Requires and BindReadOnlyPaths.

myservice.service:

[Unit]
Description=My Service
After=network-online.target dbus-myservice.service dbus.service
Requires=dbus-myservice.service

[Service]
# To check which names the sandboxed service can see, you can
# temporarily run e.g.:
# Type=oneshot
# ExecStart=dbus-send --session --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames
Type=simple
ExecStart=myservice

# Mount the proxied socket over the real session bus path;
# the bus can stay read-only
BindReadOnlyPaths=%t/bus@myservice:%t/bus

# Other sandboxing options
ProtectHome=read-only
ProtectSystem=true
# etc.

dbus-myservice.service:

[Unit]
Description=D-Bus proxy for My Service
After=dbus.socket
Requires=dbus.socket

[Service]
Type=simple
# --filter denies every name not listed: --talk allows calls to the
# distributors, --own allows claiming only the service's own name
ExecStart=xdg-dbus-proxy unix:path=%t/bus %t/bus@myservice --filter --talk="org.unifiedpush.Distributor.*" --own="tld.example.MyService"
ExecStop=rm %t/bus@myservice

ReadWritePaths=%t

# Other sandboxing options
ProtectHome=read-only
ProtectSystem=true
# etc.
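As an added check, not part of the UnifiedPush documentation or project, the following Python script parses the two unit files above and verifies the points the recipe relies on: the proxy runs xdg-dbus-proxy with --filter, every --talk rule stays inside org.unifiedpush.Distributor., --own is exactly the service's own name, and the main unit both depends on the proxy unit and mounts the proxied socket over %t/bus. The unit texts are constructed copies of the ones above, and the BindReadOnlyPaths comparison is a plain string match (an assumption that keeps the check simple).

```python
"""Lint the myservice.service / dbus-myservice.service pair described above."""
import configparser
import shlex

DISTRIBUTOR_PREFIX = "org.unifiedpush.Distributor."
PROXY_UNIT_NAME = "dbus-myservice.service"

# Constructed copies of the two units from the recipe (comments omitted).
MAIN_UNIT = """\
[Unit]
After=network-online.target dbus-myservice.service dbus.service
Requires=dbus-myservice.service
[Service]
Type=simple
ExecStart=myservice
BindReadOnlyPaths=%t/bus@myservice:%t/bus
"""
PROXY_UNIT = """\
[Unit]
After=dbus.socket
Requires=dbus.socket
[Service]
Type=simple
ExecStart=xdg-dbus-proxy unix:path=%t/bus %t/bus@myservice --filter --talk="org.unifiedpush.Distributor.*" --own="tld.example.MyService"
ExecStop=rm %t/bus@myservice
"""

def parse_unit(text):
    # interpolation=None keeps systemd specifiers such as %t untouched
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # systemd keys are case-sensitive
    cp.read_string(text)
    return cp

def check_units(main_text, proxy_text, own_name):
    """Return a list of findings; an empty list means the pair follows the recipe."""
    findings, main, proxy = [], parse_unit(main_text), parse_unit(proxy_text)
    argv = shlex.split(proxy["Service"]["ExecStart"])  # quotes are stripped like systemd does
    if argv[0] != "xdg-dbus-proxy" or "--filter" not in argv:
        findings.append("proxy must run xdg-dbus-proxy with --filter (without it every name is reachable)")
    proxied_socket = argv[2]  # second positional argument: the filtered socket path
    for name in (a[len("--talk="):] for a in argv if a.startswith("--talk=")):
        if not name.startswith(DISTRIBUTOR_PREFIX):
            findings.append(f"--talk={name} reaches beyond distributor names")
    own = [a[len("--own="):] for a in argv if a.startswith("--own=")]
    if own != [own_name]:
        findings.append(f"--own should be exactly {own_name}, got {own}")
    for key in ("Requires", "After"):
        if PROXY_UNIT_NAME not in main["Unit"].get(key, "").split():
            findings.append(f"main unit lacks {key}={PROXY_UNIT_NAME}")
    if main["Service"].get("BindReadOnlyPaths", "") != f"{proxied_socket}:%t/bus":
        findings.append("BindReadOnlyPaths must mount the proxied socket over %t/bus")
    return findings
```

Running check_units on copies of your own units before deploying them catches the two mistakes that silently remove the protection: forgetting --filter, and a --talk pattern broader than the distributor prefix.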