crtxcr/looqs
1
0
派生 0
代码 工单 合并请求 1 版本发布 百科 动态

WIP/exiled_previews -> dev #36

已关闭
crtxcr 请求将 13 次代码提交从 WIP/exiled_previews 合并至 dev
拉取从: WIP/exiled_previews
合并到: crtxcr:dev
对话内容 0 代码提交 13 文件变动 12 +26
共有 1 个文件被更改,包括 26 次插入0 次删除
下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件
仅显示提交 d39157b58d 的更改 - 显示所有提交

26
gui/main.cpp
查看文件

@@ -32,6 +32,31 @@ void enableSandbox()
} }
exile_free_policy(policy); exile_free_policy(policy);
} }
void enableIpcSandbox(QString socketPath)
{
struct exile_policy *policy = exile_create_policy();
if(policy == NULL)
{
qCritical() << "Failed to init policy for sandbox";
exit(EXIT_FAILURE);
}
policy->namespace_options = EXILE_UNSHARE_NETWORK | EXILE_UNSHARE_USER;
policy->no_new_privs = 1;
policy->drop_caps = 1;
policy->vow_promises = exile_vows_from_str("thread cpath wpath rpath unix stdio prot_exec proc shm fsnotify ioctl");
exile_append_path_policies(policy, EXILE_FS_ALLOW_ALL_READ, "/");
exile_append_path_policies(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_ALL_WRITE, "/tmp");
int ret = exile_enable_policy(policy);
if(ret != 0)
{
qDebug() << "Failed to establish sandbox";
exit(EXIT_FAILURE);
}
exile_free_policy(policy);
}
int main(int argc, char *argv[]) int main(int argc, char *argv[])
{ {
QString socketPath = "/tmp/looqs-spawner"; QString socketPath = "/tmp/looqs-spawner";
@@ -41,6 +66,7 @@ int main(int argc, char *argv[])
if(arg == "ipc") if(arg == "ipc")
{ {
Common::setupAppInfo(); Common::setupAppInfo();
enableIpcSandbox(socketPath);
QApplication a(argc, argv); QApplication a(argc, argv);
IpcServer *ipcserver = new IpcServer(); IpcServer *ipcserver = new IpcServer();