sandbox: use a static path for the chroot dir
As a cgi process it creates way too many directories if we keep the default behaviour of qssb. Another problem at the moment is the fact that qssb does not provide a mechanism to cleanup yet.
This commit is contained in:
parent
6fdf5f8f5a
commit
3b860491e0
1
cgit.c
1
cgit.c
@ -1065,6 +1065,7 @@ void enable_sandbox()
|
|||||||
}
|
}
|
||||||
policy->path_policies = &dev_policy;
|
policy->path_policies = &dev_policy;
|
||||||
policy->namespace_options |= QSSB_UNSHARE_NETWORK;
|
policy->namespace_options |= QSSB_UNSHARE_NETWORK;
|
||||||
|
policy->chroot_target_path = "/tmp/.sandbox_cgit";
|
||||||
if(qssb_enable_policy(policy) != 0)
|
if(qssb_enable_policy(policy) != 0)
|
||||||
{
|
{
|
||||||
fprintf(stderr, "%s", "Failed to init sandbox\n");
|
fprintf(stderr, "%s", "Failed to init sandbox\n");
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user