shared/gui: Add LOOQS_DISABLE_SANDBOX env to allow disabling sandboxing
Mainly for devs to check whether a problem is caused by sandboxing.
This commit is contained in:
@@ -12,6 +12,8 @@ The architecture ensures that the parsing of documents and the preview generatio
|
|||||||
|
|
||||||
Qt code is considered trusted in this model. While one may critize this, it was the only practical solution. looqs uses its serialization mechanism and other classes to communicate between the non-sandboxed GUI process and the sandboxed processes.
|
Qt code is considered trusted in this model. While one may critize this, it was the only practical solution. looqs uses its serialization mechanism and other classes to communicate between the non-sandboxed GUI process and the sandboxed processes.
|
||||||
|
|
||||||
|
Set the enviornment variable `LOOQS_DISABLE_SANDBOX=1` to disable sandboxing. It's intended for troublehshooting.
|
||||||
|
|
||||||
## Database
|
## Database
|
||||||
The heart is sqlite, with the FTS5 extensions behind the full-text search. I definitly did not
|
The heart is sqlite, with the FTS5 extensions behind the full-text search. I definitly did not
|
||||||
want to run some heavy Java based solutions. I explored other options like Postgresql, I've discard them due to some limitations back then.
|
want to run some heavy Java based solutions. I explored other options like Postgresql, I've discard them due to some limitations back then.
|
||||||
|
|||||||
@@ -58,7 +58,14 @@ int main(int argc, char *argv[])
|
|||||||
if(arg == "ipc")
|
if(arg == "ipc")
|
||||||
{
|
{
|
||||||
Common::setupAppInfo();
|
Common::setupAppInfo();
|
||||||
enableIpcSandbox();
|
if(Common::noSandboxModeRequested())
|
||||||
|
{
|
||||||
|
qInfo() << "Launching with no sandbox!" << Qt::endl;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
enableIpcSandbox();
|
||||||
|
}
|
||||||
QApplication a(argc, argv);
|
QApplication a(argc, argv);
|
||||||
|
|
||||||
IpcServer *ipcserver = new IpcServer();
|
IpcServer *ipcserver = new IpcServer();
|
||||||
|
|||||||
@@ -157,6 +157,16 @@ QString Common::databasePath()
|
|||||||
return env;
|
return env;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bool Common::noSandboxModeRequested()
|
||||||
|
{
|
||||||
|
QString env = getenv("LOOQS_DISABLE_SANDBOX");
|
||||||
|
if(env == "1")
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
QString Common::ipcSocketPath()
|
QString Common::ipcSocketPath()
|
||||||
{
|
{
|
||||||
return "/tmp/.looqs/looqs-ipc-socket";
|
return "/tmp/.looqs/looqs-ipc-socket";
|
||||||
|
|||||||
@@ -15,6 +15,7 @@ QStringList excludedPaths();
|
|||||||
QStringList mountPaths();
|
QStringList mountPaths();
|
||||||
bool isTextFile(QFileInfo fileInfo);
|
bool isTextFile(QFileInfo fileInfo);
|
||||||
bool isMountPath(QString path);
|
bool isMountPath(QString path);
|
||||||
|
bool noSandboxModeRequested();
|
||||||
QString versionText();
|
QString versionText();
|
||||||
} // namespace Common
|
} // namespace Common
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@@ -27,6 +27,11 @@ static QMap<QString, Processor *> processors{
|
|||||||
|
|
||||||
void SandboxedProcessor::enableSandbox(QString readablePath)
|
void SandboxedProcessor::enableSandbox(QString readablePath)
|
||||||
{
|
{
|
||||||
|
if(Common::noSandboxModeRequested())
|
||||||
|
{
|
||||||
|
qInfo() << "Sandbox is disabled!" << Qt::endl;
|
||||||
|
return;
|
||||||
|
}
|
||||||
struct exile_policy *policy = exile_init_policy();
|
struct exile_policy *policy = exile_init_policy();
|
||||||
if(policy == NULL)
|
if(policy == NULL)
|
||||||
{
|
{
|
||||||
|
|||||||
Referens i nytt ärende
Block a user