Re: Tracker as a security risks

From: Michael Biebl <mbiebl gmail com>
To: Tomasz Torcz <tomek pipebreaker pl>
Cc: desktop-devel-list <desktop-devel-list gnome org>
Subject: Re: Tracker as a security risks
Date: Fri, 9 Dec 2016 12:58:34 +0100

2016-12-09 7:11 GMT+01:00 Tomasz Torcz <tomek pipebreaker pl>:

On Fri, Dec 09, 2016 at 01:35:39AM +0100, Michael Biebl wrote:

2016-12-06 0:03 GMT+01:00 Michael Catanzaro <mcatanzaro gnome org>:

On Mon, 2016-12-05 at 21:31 +0100, Carlos Garnacho wrote:

Thanks for the tip :), worth a look indeed, although I'm looking into
using seccomp directly.


Strongly consider using libseccomp for this!


Has it been considered to use the systemd sandboxing features? tracker
already ships systemd --user service files, so you'd basically get
that for free.


  Correct me if I'm wrong, but aren't systemd sandboxing features only
available to system instance?  User systemd sessions lack priviledges
to set up separate namespaces etc.


The seccomp based ones aren't. I'm aware though, that most *do*
require root privileges to set up and I've asked upstream to more
clearly mark which features are available user services and which
aren't in the documentation.


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

References:
- Tracker as a security risks
  - From: Hanno Böck
- Re: Tracker as a security risks
  - From: Sam Thursfield
- Re: Tracker as a security risks
  - From: Hanno Böck
- Re: Tracker as a security risks
  - From: Carlos Garnacho
- Re: Tracker as a security risks
  - From: Philip Withnall
- Re: Tracker as a security risks
  - From: Carlos Garnacho
- Re: Tracker as a security risks
  - From: Michael Catanzaro
- Re: Tracker as a security risks
  - From: Michael Biebl
- Re: Tracker as a security risks
  - From: Tomasz Torcz

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]