From f0260ee14a4e12b1eddaf7eb60c8e1713e6310e0 Mon Sep 17 00:00:00 2001 From: Albert S Date: Wed, 29 Dec 2021 11:51:52 +0100 Subject: [PATCH] gui: Add vow_promises to exile policy --- gui/main.cpp | 5 ++++- submodules/exile.h | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/gui/main.cpp b/gui/main.cpp index 02819c6..aeb91eb 100644 --- a/gui/main.cpp +++ b/gui/main.cpp @@ -46,7 +46,10 @@ int main(int argc, char *argv[]) std::string cacheDataLocation = QStandardPaths::writableLocation(QStandardPaths::CacheLocation).toStdString(); std::string sockPath = socketPath.toStdString(); policy->namespace_options = EXILE_UNSHARE_NETWORK | EXILE_UNSHARE_USER; - + policy->vow_promises = EXILE_SYSCALL_VOW_THREAD | EXILE_SYSCALL_VOW_CPATH | EXILE_SYSCALL_VOW_WPATH | + EXILE_SYSCALL_VOW_RPATH | EXILE_SYSCALL_VOW_UNIX | EXILE_SYSCALL_VOW_STDIO | + EXILE_SYSCALL_VOW_PROT_EXEC | EXILE_SYSCALL_VOW_PROC | EXILE_SYSCALL_VOW_SHM | + EXILE_SYSCALL_VOW_FSNOTIFY | EXILE_SYSCALL_VOW_IOCTL; exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_REMOVE_FILE, "/"); exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_ALL_WRITE, appDataLocation.c_str()); exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_ALL_WRITE, cacheDataLocation.c_str()); diff --git a/submodules/exile.h b/submodules/exile.h index d742397..4824c6e 160000 --- a/submodules/exile.h +++ b/submodules/exile.h @@ -1 +1 @@ -Subproject commit d742397b522eb91513bab54a3aa992dfb7121462 +Subproject commit 4824c6eaa9043878daaba7b3778338f5bf913f06