{"id":26318,"url":"https://patchwork.libcamera.org/api/1.1/patches/26318/?format=json","web_url":"https://patchwork.libcamera.org/patch/26318/","project":{"id":1,"url":"https://patchwork.libcamera.org/api/1.1/projects/1/?format=json","name":"libcamera","link_name":"libcamera","list_id":"libcamera_core","list_email":"libcamera-devel@lists.libcamera.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260323170700.105171-1-dev@fredfunk.tech>","date":"2026-03-23T17:07:58","name":"ipa: fall back to in-process mode when isolation fails","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"15c727293f2a2d890e6701252a01f7ba539d5120","submitter":{"id":260,"url":"https://patchwork.libcamera.org/api/1.1/people/260/?format=json","name":"Frederic Laing","email":"dev@fredfunk.tech"},"delegate":null,"mbox":"https://patchwork.libcamera.org/patch/26318/mbox/","series":[{"id":5838,"url":"https://patchwork.libcamera.org/api/1.1/series/5838/?format=json","web_url":"https://patchwork.libcamera.org/project/libcamera/list/?series=5838","date":"2026-03-23T17:07:58","name":"ipa: fall back to in-process mode when isolation fails","version":1,"mbox":"https://patchwork.libcamera.org/series/5838/mbox/"}],"comments":"https://patchwork.libcamera.org/api/patches/26318/comments/","check":"pending","checks":"https://patchwork.libcamera.org/api/patches/26318/checks/","tags":{},"headers":{"Return-Path":"","X-Original-To":"parsemail@patchwork.libcamera.org","Delivered-To":"parsemail@patchwork.libcamera.org","Received":["from lancelot.ideasonboard.com (lancelot.ideasonboard.com\n\t[92.243.16.209])\n\tby patchwork.libcamera.org (Postfix) with ESMTPS id C890FBE086\n\tfor ;\n\tMon, 23 Mar 2026 17:08:06 +0000 (UTC)","from lancelot.ideasonboard.com (localhost [IPv6:::1])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTP id DB21262776;\n\tMon, 23 Mar 2026 18:08:05 +0100 (CET)","from mail-4318.protonmail.ch (mail-4318.protonmail.ch\n\t[185.70.43.18])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id E7BBE62647\n\tfor ;\n\tMon, 23 Mar 2026 18:08:03 +0100 (CET)"],"Authentication-Results":"lancelot.ideasonboard.com; dkim=pass (2048-bit key;\n\tunprotected) header.d=fredfunk.tech header.i=@fredfunk.tech\n\theader.b=\"4Hxb3q1q\"; dkim-atps=neutral","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=fredfunk.tech;\n\ts=protonmail; t=1774285683; x=1774544883;\n\tbh=Yr4KDzB2zjSwznvNH4g3EY2QZIrgNWFVLwD4pL/3I9s=;\n\th=Date:To:From:Cc:Subject:Message-ID:Feedback-ID:From:To:Cc:Date:\n\tSubject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector;\n\tb=4Hxb3q1q4XbaHILPPw2Lc8Xrcs9s9xaZspdLfTZoNVyqjSomVIZv2TCg2JMZiuT8v\n\tQFYBZbQNxwoB7nQf4eKodbJZu6TqV0YKLHlXPwA60iRx9ZfFrbyYTubc1M3BsE/CdN\n\t67nQ2hulXI6p4WMdH38refMHWzjoKALBtfWq+beOqcrs1ifsvJSUcwMs0C6XO1SZky\n\t0usVQ5iJj1sZ3l0+Pxll+ywTf6weKJDH5cdVKQUACLVb7M500SfmlGDHESmV9wGWUo\n\tdCaayPhNIJptA0X0FF9Ovcuem7ywIGqBtjCFDPc+E8J0nzHRxfMDe6lEeLLCL6VjF2\n\tLsEma/fbnHHpQ==","Date":"Mon, 23 Mar 2026 17:07:58 +0000","To":"libcamera-devel@lists.libcamera.org","From":"Frederic Laing ","Cc":"Frederic Laing ","Subject":"[PATCH] ipa: fall back to in-process mode when isolation fails","Message-ID":"<20260323170700.105171-1-dev@fredfunk.tech>","Feedback-ID":"182542373:user:proton","X-Pm-Message-ID":"ced575e561d0798ba26725407286d51c44b8b08b","MIME-Version":"1.0","Content-Type":"text/plain; charset=utf-8","Content-Transfer-Encoding":"quoted-printable","X-BeenThere":"libcamera-devel@lists.libcamera.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","Errors-To":"libcamera-devel-bounces@lists.libcamera.org","Sender":"\"libcamera-devel\" "},"content":"When the isolated IPA proxy fails to start (e.g. because fork() is\nblocked by a sandbox's seccomp filter), fall back to loading the IPA\nmodule in-process using the Threaded proxy instead of failing entirely.\n\nThis enables libcamera to work inside Flatpak and other sandboxed\nenvironments where process isolation via clone3() with CLONE_NEWUSER\nand CLONE_NEWNET is not permitted.\n\nWhen isolation is explicitly forced via LIBCAMERA_IPA_FORCE_ISOLATION\nor the ipa.force_isolation configuration option, the fallback is\nsuppressed and the proxy creation fails with an error instead, to\npreserve the intended security policy.\n\nTested on OnePlus 6T (Qualcomm SDM845) with IMX371 front camera.\nTested on Google Pixel 3a (Qualcomm SDM670) with IMX355 front camera.\n\nSigned-off-by: Frederic Laing \n---\n include/libcamera/internal/ipa_manager.h | 29 ++++++++++++++++++++++--\n 1 file changed, 27 insertions(+), 2 deletions(-)","diff":"diff --git a/include/libcamera/internal/ipa_manager.h b/include/libcamera/internal/ipa_manager.h\nindex f8ce7801..03553711 100644\n--- a/include/libcamera/internal/ipa_manager.h\n+++ b/include/libcamera/internal/ipa_manager.h\n@@ -48,8 +48,33 @@ public:\n \t\tauto proxy = [&]() -> std::unique_ptr {\n \t\t\tif (self->isSignatureValid(m))\n \t\t\t\treturn std::make_unique(m, configuration);\n-\t\t\telse\n-\t\t\t\treturn std::make_unique(m, configuration);\n+\n+\t\t\tauto isolated = std::make_unique(m, configuration);\n+\t\t\tif (isolated->isValid())\n+\t\t\t\treturn isolated;\n+\n+#if HAVE_IPA_PUBKEY\n+\t\t\tif (self->forceIsolation_) {\n+\t\t\t\tLOG(IPAManager, Error)\n+\t\t\t\t\t<< \"IPA process isolation failed for \"\n+\t\t\t\t\t<< m->path()\n+\t\t\t\t\t<< \" and isolation is forced\";\n+\t\t\t\treturn isolated;\n+\t\t\t}\n+#endif\n+\n+\t\t\t/*\n+\t\t\t * Fall back to in-process loading when process\n+\t\t\t * isolation fails. This typically happens inside\n+\t\t\t * sandboxed environments (e.g. Flatpak) where\n+\t\t\t * fork() is blocked by the seccomp filter.\n+\t\t\t */\n+\t\t\tLOG(IPAManager, Warning)\n+\t\t\t\t<< \"IPA process isolation failed for \"\n+\t\t\t\t<< m->path()\n+\t\t\t\t<< \", falling back to in-process mode\";\n+\n+\t\t\treturn std::make_unique(m, configuration);\n \t\t}();\n \n \t\tif (!proxy->isValid()) {\n","prefixes":[]}