flatpak-dir: For completeness, always add "--" to bwrap arguments

This particular bwrap invocation cannot cause a sandbox escape because the command to run is hard-coded, but it's more clearly correct if we pass "--" to every bwrap invocation. Signed-off-by: Simon McVittie <[email protected]>
flatpak · Apr 17, 2024 · c95214b · c95214b
1 parent bbab7ed
commit c95214b
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c
@@ -8385,7 +8385,7 @@ apply_extra_data (FlatpakDir *self,
 
  flatpak_bwrap_envp_to_args (bwrap);
 
- flatpak_bwrap_add_arg (bwrap, "/app/bin/apply_extra");
+ flatpak_bwrap_add_args (bwrap, "--", "/app/bin/apply_extra", NULL);
 
  flatpak_bwrap_finish (bwrap);