crtxcr/qswiki
1
0
Fork 0
Code Issues 21 Pull Requests 1 Releases Activity

Sandbox: Remove multiple stages

Browse Source 
While interesitng in theory, there is nothing to be gained here,
because we don't really have user input at those early stages.

As we are also not a privileged process, those early stage
sandboxes in the end are not worth it, since they increase
complexity while there is no benefit in practise.

So, reduce those 3 stages to a single one (enable()), which we
activate after CLI server has launched.
This commit is contained in:
Albert S.
2021-10-03 23:46:40 +02:00
parent 257675485d
commit c4072a7e95
5 changed files with 30 additions and 110 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
sandbox/sandbox-openbsd.h
View File

@@ -6,10 +6,6 @@ class SandboxOpenBSD : public Sandbox
{
public:
bool supported() override;
bool enableForInit() override;
bool enableForWorker() override;
private:
bool seccomp_blacklist(std::vector<int> syscalls);
bool enable(std::vector<std::string> fsPaths) override;
};
#endif