fix firestart race condition

1 files changed, 30 insertions, 5 deletions

diff --git a/firestart b/firestart
index 1daf05c..2557903 100755
--- a/firestart
+++ b/firestart
@@ -1,13 +1,38 @@
 #!/bin/bash
 
-CMD=firefox
-UNIT=$CMD@$DISPLAY
+UNIT=firefox@$DISPLAY
 
 if systemctl --user is-active "$UNIT" >/dev/null
 then
-    # Asks existing firefox to open a new window.  Technically is racy,
-    # since the unit could become active after our check.
-    exec "$CMD" "$@"
+    # Ask the existing firefox to open a new window.
+
+    # Firefox does not include an official API to do this in a way that
+    # is not racy.  If we merely do this:
+    #
+    #     exec firefox "$@"
+    #
+    # ...then the unit could become inactive after our check, in which
+    # case this launches a new firefox outside the container!
+    #
+    # So instead, we launch the same command using a systemd container
+    # that prevents Firefox from forking off a new process.
+    #
+    # Well, actually, we let it fork off _one_ process, since otherwise
+    # it segfaults.  But this _does_ happen to prevent it starting a new
+    # firefox instance!  Firefox safely segfaults if it is limited this
+    # way while trying to start a new instance.
+    #
+    # A more "correct" approach is available here:
+    # https://github.com/ayosec/findfox
+    exec systemd-run \
+      --user \
+      --property Environment="DISPLAY=$DISPLAY" \
+      --property Environment=XAUTHORITY="$XAUTHORITY" \
+      --property TasksMax=2 \
+      --wait \
+      --pipe \
+      -q \
+      -- /bin/sh -c 'exec firefox "$@"' sh "$@"
 else
     systemctl --user reset-failed "$UNIT" 2>/dev/null
     systemctl --user start "$UNIT"