[tracker-miners/wip/carlosg/better-extractor-errors: 4/5] tracker-extract: Enable sandbox for commandline invocations

From: Carlos Garnacho <carlosg src gnome org>
To: commits-list gnome org
Cc:
Subject: [tracker-miners/wip/carlosg/better-extractor-errors: 4/5] tracker-extract: Enable sandbox for commandline invocations
Date: Thu, 12 Nov 2020 23:28:55 +0000 (UTC)


commit cc518b6221cdd5abac1f64f508fb199aab7a4fc5
Author: Carlos Garnacho <carlosg gnome org>
Date:   Wed Nov 11 11:12:27 2020 +0100

    tracker-extract: Enable sandbox for commandline invocations
    
    We don't initialize the sandbox in commandline invocations, which
    has 2 downsides:
    - Users may get sandbox exceptions trapped in journalctl/coredumpctl,
      but not be able to reproduce easily on the command line.
    - Should a vulnerability exist in our dependencies, users could
      potentially run head first into them.
    
    It seems a good idea to enable the sandbox also for commandline
    invocations.

 src/tracker-extract/tracker-extract.c | 3 +++
 1 file changed, 3 insertions(+)
---
diff --git a/src/tracker-extract/tracker-extract.c b/src/tracker-extract/tracker-extract.c
index 3bd7b4b35..29c5df384 100644
--- a/src/tracker-extract/tracker-extract.c
+++ b/src/tracker-extract/tracker-extract.c
@@ -695,6 +695,9 @@ tracker_extract_get_metadata_by_cmdline (TrackerExtract             *object,
                                                                  NULL,
                                                                  &task->func);
 
+       if (!tracker_seccomp_init ())
+               g_assert_not_reached ();
+
        if (!filter_module (object, task->module) &&
            get_file_metadata (task, &info, NULL)) {
                resource = tracker_extract_info_get_resource (info);

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]