crtxcr
/
looqs
1
0
Fork 0
Code Issues Pull Requests 1 Releases Wiki Activity

shared: SandboxedProcessor: Enable fallback for non-landlock systems 

Unless it's a processor that does not need fs access, this would
fail on systems without landlock, so we must fallback to
chroot() etc. again.
This commit is contained in:
Albert S. 2022-06-09 09:37:10 +02:00
parent f29f997289
commit e76988ee77
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
shared/sandboxedprocessor.cpp
View File

@ -35,7 +35,7 @@ void SandboxedProcessor::enableSandbox(QString readablePath)
struct exile_policy *policy = exile_init_policy();
if(policy == NULL)
{
qCritical() << "Could not init exile";
qCritical() << "Could not init exile" << Qt::endl;
exit(EXIT_FAILURE);
}
policy->namespace_options = EXILE_UNSHARE_NETWORK | EXILE_UNSHARE_USER;
@ -43,6 +43,8 @@ void SandboxedProcessor::enableSandbox(QString readablePath)
std::string readablePathLocation;
if(!readablePath.isEmpty())
{
policy->namespace_options |= EXILE_UNSHARE_MOUNT;
policy->mount_path_policies_to_chroot = 1;
readablePathLocation = readablePath.toStdString();
if(exile_append_path_policies(policy, EXILE_FS_ALLOW_ALL_READ, readablePathLocation.c_str()) != 0)
{