[gnome-desktop] thumbnail: Don't try to setup seccomp when sandboxed
- From: Bastien Nocera <hadess src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-desktop] thumbnail: Don't try to setup seccomp when sandboxed
- Date: Tue, 1 Aug 2017 08:57:10 +0000 (UTC)
commit 4a4f2474d08c695933f75cb5e0bd0ba8550b4959
Author: Bastien Nocera <hadess hadess net>
Date: Sun Jul 30 17:29:59 2017 +0100
thumbnail: Don't try to setup seccomp when sandboxed
Flatpak drops privileges very early in the sandbox setup
phase which means that we don't have enough permissions to
setup seccomp. It would be nice if we could still use seccomp
to restrict even further, but that's not the case as of yet.
libgnome-desktop/gnome-desktop-thumbnail-script.c | 25 +++++++++++---------
1 files changed, 14 insertions(+), 11 deletions(-)
---
diff --git a/libgnome-desktop/gnome-desktop-thumbnail-script.c
b/libgnome-desktop/gnome-desktop-thumbnail-script.c
index b48b7de..5a5f05f 100644
--- a/libgnome-desktop/gnome-desktop-thumbnail-script.c
+++ b/libgnome-desktop/gnome-desktop-thumbnail-script.c
@@ -584,18 +584,21 @@ expand_thumbnailing_cmd (const char *cmd,
#endif
#ifdef ENABLE_SECCOMP
- const char *arch;
-
- arch = flatpak_get_arch ();
- g_assert (arch);
- if (!setup_seccomp (array,
- script->fd_array,
- arch,
- FALSE,
- FALSE,
- error))
+ if (script->sandbox)
{
- goto bail;
+ const char *arch;
+
+ arch = flatpak_get_arch ();
+ g_assert (arch);
+ if (!setup_seccomp (array,
+ script->fd_array,
+ arch,
+ FALSE,
+ FALSE,
+ error))
+ {
+ goto bail;
+ }
}
#endif
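Review bot: The new `if (script->sandbox)` guard reads as the opposite of the subject line ("Don't try to setup seccomp when sandboxed"), since seccomp is now set up exactly when `script->sandbox` is true. The hunk does not show what the field means; if it means "we are creating our own sandbox for the thumbnailer" rather than "we are already running inside Flatpak", a one-line comment above the condition saying so would prevent the check from being misread or inverted later. The skipped path is also silent: when the guard is false the thumbnailer command is launched with no seccomp filter and nothing records that. Consider an else branch with a `g_debug ()` message, plus a short comment carrying the commit message's point that this is a current limitation, so the reduced confinement is visible to whoever debugs or audits this code.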