From e76988ee7779dcdd6e99be030b2d311fe7dbc508 Mon Sep 17 00:00:00 2001
From: Albert S
Date: Thu, 9 Jun 2022 09:37:10 +0200
Subject: [PATCH] shared: SandboxedProcessor: Enable fallback for non-landlock systems

Unless it's a processor that does not need fs access, this would fail on systems without landlock, so we must fallback to chroot() etc. again.
---
 shared/sandboxedprocessor.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/shared/sandboxedprocessor.cpp b/shared/sandboxedprocessor.cpp
index c45a0ab..011df6f 100644
--- a/shared/sandboxedprocessor.cpp
+++ b/shared/sandboxedprocessor.cpp
@@ -35,7 +35,7 @@ void SandboxedProcessor::enableSandbox(QString readablePath)
 struct exile_policy *policy = exile_init_policy();
 if(policy == NULL)
 {
- qCritical() << "Could not init exile";
+ qCritical() << "Could not init exile" << Qt::endl;
 exit(EXIT_FAILURE);
 }
 policy->namespace_options = EXILE_UNSHARE_NETWORK | EXILE_UNSHARE_USER;
@@ -43,6 +43,8 @@ void SandboxedProcessor::enableSandbox(QString readablePath)
 std::string readablePathLocation;
 if(!readablePath.isEmpty())
 {
+ policy->namespace_options |= EXILE_UNSHARE_MOUNT;
+ policy->mount_path_policies_to_chroot = 1;
 readablePathLocation = readablePath.toStdString();
 if(exile_append_path_policies(policy, EXILE_FS_ALLOW_ALL_READ, readablePathLocation.c_str()) != 0)
 {
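Review bot: The `<< Qt::endl` appended to the `qCritical()` call in the `policy == NULL` branch looks redundant, because a QDebug stream already terminates the message when the temporary is destroyed, so with the default message handler this likely prints an extra blank line. It also ties the file to Qt 5.14 or later, where the `Qt::` manipulators were introduced. Unless a custom message handler depends on it, keeping the original `qCritical() << "Could not init exile";` would be simpler. A more useful change to this line would be including the reason for the failure if exile exposes one.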
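Review bot: The two lines added inside `if(!readablePath.isEmpty())` enable the mount namespace and chroot for every run with a readable path, not only on kernels without landlock, and nothing in the code records that this is the fallback the commit message describes. A comment above them would help, for example `// Kernels without landlock: enforce path policies via mount namespace + chroot instead`. The fallback itself depends on `EXILE_UNSHARE_USER` and `EXILE_UNSHARE_MOUNT` succeeding, which is not guaranteed where unprivileged user namespaces are disabled. It is worth confirming that the code applying the policy, which is outside this hunk, checks the return value and exits rather than continuing to process untrusted files unsandboxed. enableSandbox's body starts before and continues after the hunk.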