Am 06.12.2016 um 18:54 schrieb jose aliste gmail com:
Although this is not an issue for evince on its own, I would like to know why evince behaves like this. From experiments I found out that if I remove the evince.service file or block access to the dbus socket, evince still seems to works as expected without evinced. Another way to prevent this seems to be to use the --disable-dbus flag.The difference and the reason why evinced exists is because Evince is using different processes for different Documents. That is, if you have four documents opened in evince, then you'd have four evince processes + the evinced process. The Evinced process is there to coordinate between the different evince processes. Of course this is not necessary, it was a decision taken a long time ago, but last time we discussed this feature we were happy about it. That being said, there is always the question of add sandboxing to evince since we are dealing with pdf and there are a lot of security bugs involving pdf files. So any help in this direction would be welcomed. Greetings, José
Thanks for explaining. What exact funcionality is missing when used without evinced? The feedback I got from several more experienced linux devs, was that the decision to use a daemon process here is questional to beginn with from a security standpoint. From what I have seen, there are a growing number of applications that use such a functionality on gnome and kde/plasma. Starting services via dbus seems to be modern. If you are interested in sandboxing evince in the future, then it might be worth considering to avoid the use of such an daemon process. At least in firejail it is a pain to deal with that.
Attachment:
signature.asc
Description: OpenPGP digital signature