From 4d0d9ba9c67738d95289408c3a03c6f5323269f7 Mon Sep 17 00:00:00 2001
From: Albert S <mail@quitesimple.org>
Date: Fri, 22 Apr 2022 08:06:03 +0200
Subject: [PATCH] main: sandbox: Add clone vow, Use exile_vows_from_str()

Fresh ubuntu 22.04 uses clone3(). thread vow is not enough anymore.

Maybe Qt uses it now, who knows, let's just allow it for the time being.
---
 gui/main.cpp | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/gui/main.cpp b/gui/main.cpp
index 81c312d..29ead46 100644
--- a/gui/main.cpp
+++ b/gui/main.cpp
@@ -31,11 +31,7 @@ void enableSandbox(QString socketPath)
 
 	std::string sockPath = socketPath.toStdString();
 	policy->namespace_options = EXILE_UNSHARE_NETWORK | EXILE_UNSHARE_USER;
-	policy->vow_promises = EXILE_SYSCALL_VOW_THREAD | EXILE_SYSCALL_VOW_CPATH | EXILE_SYSCALL_VOW_WPATH |
-						   EXILE_SYSCALL_VOW_RPATH | EXILE_SYSCALL_VOW_UNIX | EXILE_SYSCALL_VOW_STDIO |
-						   EXILE_SYSCALL_VOW_PROT_EXEC | EXILE_SYSCALL_VOW_PROC | EXILE_SYSCALL_VOW_SHM |
-						   EXILE_SYSCALL_VOW_FSNOTIFY | EXILE_SYSCALL_VOW_IOCTL;
-
+	policy->vow_promises = exile_vows_from_str("thread cpath wpath rpath unix stdio prot_exec proc shm fsnotify ioctl clone");
 	if(exile_append_path_policies(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_REMOVE_FILE, "/") != 0)
 	{
 		qCritical() << "Failed to append a path to the path policy";