gui sandbox: Allow wpath to improve poppler text rendering
Apparently poppler or something needs open() with write flags to render pdfs with proper fonts. Landlock guards file system write access, so this is fine.
This commit is contained in:
parent
0cd19b53e4
commit
efca45b88a
@ -28,7 +28,7 @@ void enableIpcSandbox()
|
|||||||
policy->namespace_options = EXILE_UNSHARE_USER | EXILE_UNSHARE_MOUNT | EXILE_UNSHARE_NETWORK;
|
policy->namespace_options = EXILE_UNSHARE_USER | EXILE_UNSHARE_MOUNT | EXILE_UNSHARE_NETWORK;
|
||||||
policy->no_new_privs = 1;
|
policy->no_new_privs = 1;
|
||||||
policy->drop_caps = 1;
|
policy->drop_caps = 1;
|
||||||
policy->vow_promises = exile_vows_from_str("thread cpath rpath unix stdio proc error");
|
policy->vow_promises = exile_vows_from_str("thread cpath rpath wpath unix stdio proc error");
|
||||||
policy->mount_path_policies_to_chroot = 1;
|
policy->mount_path_policies_to_chroot = 1;
|
||||||
|
|
||||||
QString ipcSocketPath = Common::ipcSocketPath();
|
QString ipcSocketPath = Common::ipcSocketPath();
|
||||||
|
Loading…
Reference in New Issue
Block a user