20 commits

Author SHA1 Message Date
f67a37bc21 GUI: Disable general sandbox due to impracticability
Qt is usually built with Accessibility and D-Bus. If D-Bus
connections work, a bypass should be considered trivial.
If we block D-Bus, we experience quite some slowdowns in
certain contexts. That's because Qt makes D-Bus connections
for accessibility features etc. They appear to run into timeouts,
but this slows down things. Sandboxing also makes things
like showing (native) file picker dialogs harder.

Sandboxing efforts will focus on the critical paths such as
the existing Indexer sandbox and the to be implemented sandboxing
for preview generation.

We keep no_new_privs for now as chances are that this shouldn't hurt.
2022-05-03 15:56:08 +02:00
9d160ed7a0 gui: Add icon
Not the best on dark themes, better than nothing for now.
2022-04-28 09:13:34 +02:00
a132485924 gui: enableSandbox: Don't unshare network due to slowdowns
The indexer is quite slow with unshared network namespaces. It appears something in
Qt needs it as IPC or whatever. Seeing also dbus-related errors:

Issue: #33

So disable it for now.
2022-04-24 19:40:43 +02:00
d2d576e617 gui: Call enableSandboxing() after ensureConfigured() so all paths are guaranteed to exist 2022-04-24 19:40:43 +02:00
08da6b4349 gui: main: Remove vows from exile policy
SandboxedProcessor is not launched via IPCServer at this point.
The vow set is already very big and SandboxedProcessor
would require exec too.

So use exile default policy and add some path permissions.

Once SandboxedProcessor is handled by IPC and preview generation
is also exiled separately, it has to be reevaluated whether
it makes sense for vows to return.
2022-04-24 19:40:43 +02:00
4d0d9ba9c6 main: sandbox: Add clone vow, Use exile_vows_from_str()
Fresh Ubuntu 22.04 uses clone3(). thread vow is not enough anymore.

Maybe Qt uses it now, who knows, let's just allow it for the time being.
2022-04-24 15:52:20 +02:00
0af7d4a3dc GUI: Begin new 'Indexer' tab 2022-04-15 21:06:56 +02:00
56414ee5e2 shared: Begin basic ConcurrentQueue 2022-04-15 21:06:56 +02:00
2e3b008207 gui: main: Add --no-sandbox 2022-01-04 23:44:37 +01:00
ea1d027621 gui: main: Enable sandbox post call to Common::setupAppInfo()
Move sandboxing code to own function
2022-01-04 23:27:45 +01:00
404ce22ce6 Generalize previews: Mainwindow: Do necessary renames 2022-01-04 11:24:37 +01:00
c51487c4b2 gui: Call setupAppinfo() also for the IPC server 2022-01-03 23:14:55 +01:00
bb5a793300 gui: Add vow_promises to exile policy 2022-01-03 23:14:55 +01:00
88ee2383f7 Switch to exile.h 2022-01-01 17:58:52 +01:00
890925929a GUI: Begin IPC mechanism to open files despite sandboxing 2022-01-01 17:58:52 +01:00
ebea074fcb gui: Begin basic sandboxing 2022-01-01 17:58:52 +01:00
e97551be97 Rename all symbols to new project name 2021-06-12 14:59:58 +02:00
ef78e74cdd Detect first run and initialize database and config
Relates to #1
2020-08-24 21:36:45 +02:00
13fb901044 added Common namespace. cli: use settings instead of env for db path 2020-05-23 22:52:42 +02:00
68ab917756 begin work on qt gui - basic search & pdf preview 2018-08-12 16:45:39 +02:00