shared: SandboxedProcessor: Enable fallback for non-landlock systems
Unless it's a processor that does not need fs access, this would fail on systems without landlock, so we must fall back to chroot() etc. again.
ebeveyn
f29f997289
işleme
e76988ee77
@ -35,7 +35,7 @@ void SandboxedProcessor::enableSandbox(QString readablePath)
|
|||||||
struct exile_policy *policy = exile_init_policy();
|
struct exile_policy *policy = exile_init_policy();
|
||||||
if(policy == NULL)
|
if(policy == NULL)
|
||||||
{
|
{
|
||||||
qCritical() << "Could not init exile";
|
qCritical() << "Could not init exile" << Qt::endl;
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
policy->namespace_options = EXILE_UNSHARE_NETWORK | EXILE_UNSHARE_USER;
|
policy->namespace_options = EXILE_UNSHARE_NETWORK | EXILE_UNSHARE_USER;
|
||||||
@ -43,6 +43,8 @@ void SandboxedProcessor::enableSandbox(QString readablePath)
|
|||||||
std::string readablePathLocation;
|
std::string readablePathLocation;
|
||||||
if(!readablePath.isEmpty())
|
if(!readablePath.isEmpty())
|
||||||
{
|
{
|
||||||
|
policy->namespace_options |= EXILE_UNSHARE_MOUNT;
|
||||||
|
policy->mount_path_policies_to_chroot = 1;
|
||||||
readablePathLocation = readablePath.toStdString();
|
readablePathLocation = readablePath.toStdString();
|
||||||
if(exile_append_path_policies(policy, EXILE_FS_ALLOW_ALL_READ, readablePathLocation.c_str()) != 0)
|
if(exile_append_path_policies(policy, EXILE_FS_ALLOW_ALL_READ, readablePathLocation.c_str()) != 0)
|
||||||
{
|
{
|
||||||
|
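Review bot: In the `if(!readablePath.isEmpty())` branch the two added lines set `EXILE_UNSHARE_MOUNT` and `mount_path_policies_to_chroot = 1` unconditionally, while the commit message describes a fallback for systems without landlock; a comment above them such as `// Landlock may be unavailable: also enforce the path policies via mount namespace + chroot` would record the intent, and whether exile skips the chroot when landlock is present is not visible here. The chroot path relies on unprivileged user and mount namespaces, which some hardened systems disable, so the code that applies the policy should treat a failure as fatal rather than let the processor continue unsandboxed; enableSandbox continues outside the hunk, so this could not be confirmed. In the first hunk, `<< Qt::endl` on `qCritical()` looks redundant, since QDebug output normally already ends the message with a newline.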