sandbox: use a static path for the chroot dir

As a cgi process it creates way too many directories
if we keep the default behaviour of qssb. Another
problem at the moment is the fact that qssb does
not provide a mechanism to cleanup yet.
This commit is contained in:
Albert S. 2019-11-22 19:06:36 +01:00
والد 6fdf5f8f5a
کامیت 3b860491e0

1
cgit.c
مشاهده پرونده

@ -1065,6 +1065,7 @@ void enable_sandbox()
}
policy->path_policies = &dev_policy;
policy->namespace_options |= QSSB_UNSHARE_NETWORK;
policy->chroot_target_path = "/tmp/.sandbox_cgit";
if(qssb_enable_policy(policy) != 0)
{
fprintf(stderr, "%s", "Failed to init sandbox\n");