27 Commits

Author SHA1 Message Date
40207c3399 gui: Remove enableSandbox() for general GUI
While f67a37bc21 indicated the last remaining code could stay,
it can't because there is a launch failure of SandboxedProcessor.

This has been revealed by the changes of the previous commit,
aa03d0a4920e.

Hence, the GUI will be untouched by exile. We only sandbox
the preview generation and the indexing trough IPC.
2022-06-04 17:09:26 +02:00
e715be9787 gui: Fix dispatch of SandboxedProcessor
There was an off-by-one, the SandboxedProcessor was only passed
'process', not the path to the file.

No processor was found for 'process', thus 'nothingProcessor' was
returned. Therefore, we never sandboxed (because we never had
to process anything).

The sandboxing would have failed though, because we need to launch
QCoreApplication, not QApplication.

The CLI was never affected.
2022-06-04 17:09:26 +02:00
11af6e530e gui: sandbox: Add 'error' to vow_promises to avoid getting killed on ioctl() with TIOCSTI 2022-06-04 17:09:26 +02:00
ad0fc74439 ipc: Place socket in /tmp/.looqs/, remove ipc path settings 2022-05-29 11:20:28 +02:00
e44fb1a942 gui: main: Enable exile.h for IPC preview generation 2022-05-29 11:20:28 +02:00
d66e395fda gui: main: Kill IPCServer process on exit 2022-05-29 11:20:28 +02:00
0d6fb1d482 gui: mainwindow: Use new IPCPreviewClient 2022-05-29 11:20:28 +02:00
f67a37bc21 GUI: Disable general sandbox due to inpracticability
Qt is usually built with Accessibility and D-Bus. If D-Bus
connections work, a bypass should be considered trivial.
If we block D-Bus, we experience quite some slowdowns in
certain contexts. That's because Qt makes D-Bus connections
for accessibility features etc. They appear to run into timeouts,
but this slows down things. Sandboxing also makes things
like showing (native) file picker dialogs harder.

Sandboxing efforts will focus on the critical paths such as
the existing Indexer sandbox and the to be implemented sandboxing
for preview generation.

We keep no_new_privs for now as chances are that this shouldn't hurt.
2022-05-03 15:56:08 +02:00
9d160ed7a0 gui: Add icon
Not the best on dark themes, better than nothing for now.
2022-04-28 09:13:34 +02:00
a132485924 gui: enableSandbox: Don't unshare network due to slowdowns
The indexer is quite slow with unshared network namespaces. It appears something in
Qt needs it as IPC or whatever. Seeing also dbus-related errors:

Issue: #33

So disable it for now.
2022-04-24 19:40:43 +02:00
d2d576e617 gui: Call enableSandboxing() after ensureConfigured() so all paths are guaranteed to exist 2022-04-24 19:40:43 +02:00
08da6b4349 gui: main: Remove vows from exile policy
SandboxedProcessor is not launched via IPCServer at this point.
The vow set is already very big and SandboxedProcessor
would require exec too.

So use exile default policy and add some path permisisons.

Once SandboxedProcessor is handled by IPC and preview generation
is also exiled separately, it has to be reevaluated whether
it makes sense for vows to return.
2022-04-24 19:40:43 +02:00
4d0d9ba9c6 main: sandbox: Add clone vow, Use exile_vows_from_str()
Fresh ubuntu 22.04 uses clone3(). thread vow is not enough anymore.

Maybe Qt uses it now, who knows, let's just allow it for the time being.
2022-04-24 15:52:20 +02:00
0af7d4a3dc GUI: Begin new 'Indexer' tab 2022-04-15 21:06:56 +02:00
56414ee5e2 shared: Begin basic ConcurrentQueue 2022-04-15 21:06:56 +02:00
2e3b008207 gui: main: Add --no-sandbox 2022-01-04 23:44:37 +01:00
ea1d027621 gui: main: Enable sandbox post call to Common::setupAppInfo()
Move sandboxing code to own function
2022-01-04 23:27:45 +01:00
404ce22ce6 Generalize previews: Mainwindow: Do necessary renames 2022-01-04 11:24:37 +01:00
c51487c4b2 gui: Call setupAppinfo() also for the IPC server 2022-01-03 23:14:55 +01:00
bb5a793300 gui: Add vow_promises to exile policy 2022-01-03 23:14:55 +01:00
88ee2383f7 Switch to exile.h 2022-01-01 17:58:52 +01:00
890925929a GUI: Begin IPC mechanism to open files despite sandboxing 2022-01-01 17:58:52 +01:00
ebea074fcb gui: Begin basic sandboxing 2022-01-01 17:58:52 +01:00
e97551be97 Rename all symbols to new project name 2021-06-12 14:59:58 +02:00
ef78e74cdd Detect first run and initialize database and config
Relates to #1
2020-08-24 21:36:45 +02:00
13fb901044 added Common namespace. cli: use settings instead of env for db path 2020-05-23 22:52:42 +02:00
68ab917756 begin work on qt gui - basic search & pdf preview 2018-08-12 16:45:39 +02:00