WIP/sandboxing #29
28
gui/main.cpp
28
gui/main.cpp
@ -25,7 +25,7 @@ int main(int argc, char *argv[])
|
|||||||
qDebug() << "Launching ipc";
|
qDebug() << "Launching ipc";
|
||||||
if(!ipcserver->startSpawner(socketPath))
|
if(!ipcserver->startSpawner(socketPath))
|
||||||
{
|
{
|
||||||
qDebug() << "Error failed to spawn";
|
qCritical() << "Error failed to spawn";
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
qDebug() << "Launched";
|
qDebug() << "Launched";
|
||||||
@ -43,6 +43,11 @@ int main(int argc, char *argv[])
|
|||||||
}
|
}
|
||||||
|
|
||||||
struct exile_policy *policy = exile_init_policy();
|
struct exile_policy *policy = exile_init_policy();
|
||||||
|
if(policy == NULL)
|
||||||
|
{
|
||||||
|
qCritical() << "Failed to init policy for sandbox";
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
std::string appDataLocation = QStandardPaths::writableLocation(QStandardPaths::AppLocalDataLocation).toStdString();
|
std::string appDataLocation = QStandardPaths::writableLocation(QStandardPaths::AppLocalDataLocation).toStdString();
|
||||||
std::string cacheDataLocation = QStandardPaths::writableLocation(QStandardPaths::CacheLocation).toStdString();
|
std::string cacheDataLocation = QStandardPaths::writableLocation(QStandardPaths::CacheLocation).toStdString();
|
||||||
std::string sockPath = socketPath.toStdString();
|
std::string sockPath = socketPath.toStdString();
|
||||||
@ -51,10 +56,25 @@ int main(int argc, char *argv[])
|
|||||||
EXILE_SYSCALL_VOW_RPATH | EXILE_SYSCALL_VOW_UNIX | EXILE_SYSCALL_VOW_STDIO |
|
EXILE_SYSCALL_VOW_RPATH | EXILE_SYSCALL_VOW_UNIX | EXILE_SYSCALL_VOW_STDIO |
|
||||||
EXILE_SYSCALL_VOW_PROT_EXEC | EXILE_SYSCALL_VOW_PROC | EXILE_SYSCALL_VOW_SHM |
|
EXILE_SYSCALL_VOW_PROT_EXEC | EXILE_SYSCALL_VOW_PROC | EXILE_SYSCALL_VOW_SHM |
|
||||||
EXILE_SYSCALL_VOW_FSNOTIFY | EXILE_SYSCALL_VOW_IOCTL;
|
EXILE_SYSCALL_VOW_FSNOTIFY | EXILE_SYSCALL_VOW_IOCTL;
|
||||||
exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_REMOVE_FILE, "/");
|
|
||||||
exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_ALL_WRITE, appDataLocation.c_str());
|
|
||||||
exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_ALL_WRITE, cacheDataLocation.c_str());
|
|
||||||
|
|
||||||
|
if(exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_REMOVE_FILE, "/") != 0)
|
||||||
|
{
|
||||||
|
qCritical() << "Failed to append a path to the path policy";
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_ALL_WRITE, appDataLocation.c_str()) !=
|
||||||
|
0)
|
||||||
|
{
|
||||||
|
qCritical() << "Failed to append a path to the path policy";
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
if(exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_ALL_WRITE,
|
||||||
|
cacheDataLocation.c_str()) != 0)
|
||||||
|
{
|
||||||
|
qCritical() << "Failed to append a path to the path policy";
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
int ret = exile_enable_policy(policy);
|
int ret = exile_enable_policy(policy);
|
||||||
if(ret != 0)
|
if(ret != 0)
|
||||||
{
|
{
|
||||||
|
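Review bot: The rule for "/" still grants `EXILE_FS_ALLOW_REMOVE_FILE` across the whole filesystem, so once the policy is enabled the process can still unlink any file the user is allowed to delete; the new return-value check makes the call fail closed but does not narrow the grant. If removal is only needed for the IPC socket or for files under the data and cache directories (the reason is not visible in this section), keep "/" read-only with `exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ, "/")` and grant the removal right on those specific directories instead. The three failure branches also log the same text, so a failure cannot be traced to a path; something like `qCritical() << "Failed to append path to policy:" << appDataLocation.c_str();` would help, and would also expose the case where `QStandardPaths::writableLocation` returned an empty string. main() starts and ends outside the hunks shown.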