[gnome-desktop] thumbnail: Don't try to setup seccomp when sandboxed



commit 4a4f2474d08c695933f75cb5e0bd0ba8550b4959
Author: Bastien Nocera <hadess hadess net>
Date:   Sun Jul 30 17:29:59 2017 +0100

    thumbnail: Don't try to setup seccomp when sandboxed
    
    Flatpak drops privileges very early in the sandbox setup
    phase, which means that we don't have enough permissions to
    set up seccomp. It would be nice if we could still use seccomp
    to restrict even further, but that's not the case as of yet.

 libgnome-desktop/gnome-desktop-thumbnail-script.c |   25 +++++++++++---------
 1 files changed, 14 insertions(+), 11 deletions(-)
---
diff --git a/libgnome-desktop/gnome-desktop-thumbnail-script.c 
b/libgnome-desktop/gnome-desktop-thumbnail-script.c
index b48b7de..5a5f05f 100644
--- a/libgnome-desktop/gnome-desktop-thumbnail-script.c
+++ b/libgnome-desktop/gnome-desktop-thumbnail-script.c
@@ -584,18 +584,21 @@ expand_thumbnailing_cmd (const char  *cmd,
 #endif
 
 #ifdef ENABLE_SECCOMP
-  const char *arch;
-
-  arch = flatpak_get_arch ();
-  g_assert (arch);
-  if (!setup_seccomp (array,
-                      script->fd_array,
-                      arch,
-                      FALSE,
-                      FALSE,
-                      error))
+  if (script->sandbox)
     {
-      goto bail;
+      const char *arch;
+
+      arch = flatpak_get_arch ();
+      g_assert (arch);
+      if (!setup_seccomp (array,
+                          script->fd_array,
+                          arch,
+                          FALSE,
+                          FALSE,
+                          error))
+        {
+          goto bail;
+        }
     }
 #endif
 
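Review bot: The new `if (script->sandbox)` guard has no comment, and the field name reads as the opposite of the commit title ("when sandboxed"). Presumably it is true only when this code builds its own sandbox and false when already running inside Flatpak, but the hunk does not show that. A comment above the guard would record it, for example `/* Only install the seccomp filter when we create the sandbox ourselves; inside Flatpak we lack the privileges to do so. */`. When the guard is false the thumbnailer command now runs with no syscall filter and no trace of that, so an `else` branch with `g_debug ("Not setting up seccomp: no sandbox of our own");` would make the reduced protection visible when debugging. expand_thumbnailing_cmd begins and continues outside this hunk.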

