WIP/exiled_previews -> dev #36
26
gui/main.cpp
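--- a/gui/main.cpp
+++ b/gui/main.cpp
@@ -32,6 +32,31 @@ void enableSandbox()
 }
 exile_free_policy(policy);
 }
+
+void enableIpcSandbox(QString socketPath)
+{
+struct exile_policy *policy = exile_create_policy();
+if(policy == NULL)
+{
+qCritical() << "Failed to init policy for sandbox";
+exit(EXIT_FAILURE);
+}
+policy->namespace_options = EXILE_UNSHARE_NETWORK | EXILE_UNSHARE_USER;
+policy->no_new_privs = 1;
+policy->drop_caps = 1;
+policy->vow_promises = exile_vows_from_str("thread cpath wpath rpath unix stdio prot_exec proc shm fsnotify ioctl");
+
+exile_append_path_policies(policy, EXILE_FS_ALLOW_ALL_READ, "/");
+exile_append_path_policies(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_ALL_WRITE, "/tmp");
+int ret = exile_enable_policy(policy);
+if(ret != 0)
+{
+qDebug() << "Failed to establish sandbox";
+exit(EXIT_FAILURE);
+}
+exile_free_policy(policy);
+}
+
 int main(int argc, char *argv[])
 {
 QString socketPath = "/tmp/looqs-spawner";
@@ -41,6 +66,7 @@ int main(int argc, char *argv[])
 if(arg == "ipc")
 {
 Common::setupAppInfo();
+enableIpcSandbox(socketPath);
 QApplication a(argc, argv);
 
 IpcServer *ipcserver = new IpcServer();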
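Review bot: `enableIpcSandbox` takes `socketPath` but never uses it; the policy instead grants read and write on all of `/tmp` (plus read on `/`), so the sandboxed IPC process keeps write access to every file under `/tmp` that its uid can touch. If the write rule exists only so the process can bind its socket, consider placing the socket in a dedicated directory and allowing write there alone, e.g. `exile_append_path_policies(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_ALL_WRITE, socketDir);`, where `socketDir` is a placeholder for a C string naming that directory; otherwise drop the unused parameter. The enable-failure branch logs with `qDebug()` while the allocation failure above it uses `qCritical()`; `qCritical() << "Failed to establish sandbox";` would keep the message visible in builds that strip debug output. A one-line comment above the `exile_vows_from_str` call saying why `prot_exec` and `proc` are required would help a later reviewer judge whether the promise list can shrink.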