gui: main: Enable exile.h for IPC preview generation

Этот коммит содержится в:
Albert S. 2022-05-29 09:23:37 +02:00
родитель a43ab169b5
Коммит d39157b58d

Просмотреть файл

@ -32,6 +32,31 @@ void enableSandbox()
}
exile_free_policy(policy);
}
void enableIpcSandbox(QString socketPath)
{
struct exile_policy *policy = exile_create_policy();
if(policy == NULL)
{
qCritical() << "Failed to init policy for sandbox";
exit(EXIT_FAILURE);
}
policy->namespace_options = EXILE_UNSHARE_NETWORK | EXILE_UNSHARE_USER;
policy->no_new_privs = 1;
policy->drop_caps = 1;
policy->vow_promises = exile_vows_from_str("thread cpath wpath rpath unix stdio prot_exec proc shm fsnotify ioctl");
exile_append_path_policies(policy, EXILE_FS_ALLOW_ALL_READ, "/");
exile_append_path_policies(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_ALL_WRITE, "/tmp");
int ret = exile_enable_policy(policy);
if(ret != 0)
{
qDebug() << "Failed to establish sandbox";
exit(EXIT_FAILURE);
}
exile_free_policy(policy);
}
int main(int argc, char *argv[])
{
QString socketPath = "/tmp/looqs-spawner";
@ -41,6 +66,7 @@ int main(int argc, char *argv[])
if(arg == "ipc")
{
Common::setupAppInfo();
enableIpcSandbox(socketPath);
QApplication a(argc, argv);
IpcServer *ipcserver = new IpcServer();