From c95214b62b5b57fdbad3ed4f129657e8380e9df5 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Tue, 16 Apr 2024 11:12:50 +0100 Subject: [PATCH] flatpak-dir: For completeness, always add "--" to bwrap arguments This particular bwrap invocation cannot cause a sandbox escape because the command to run is hard-coded, but it's more clearly correct if we pass "--" to every bwrap invocation. Signed-off-by: Simon McVittie --- common/flatpak-dir.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c index 089fb80734..cfb0fda26f 100644 --- a/common/flatpak-dir.c +++ b/common/flatpak-dir.c @@ -8385,7 +8385,7 @@ apply_extra_data (FlatpakDir *self, flatpak_bwrap_envp_to_args (bwrap); - flatpak_bwrap_add_arg (bwrap, "/app/bin/apply_extra"); + flatpak_bwrap_add_args (bwrap, "--", "/app/bin/apply_extra", NULL); flatpak_bwrap_finish (bwrap);