From 0e5dc9f284a417fd560498466908ce8cdc2114db Mon Sep 17 00:00:00 2001
From: valoq
Date: Sun, 8 Jul 2018 12:17:53 +0200
Subject: [PATCH] seccomp fixes
---
 README | 8 +++++---
 meson_options.txt | 2 +-
 zathura/seccomp-filters.c | 6 +++---
 zathura/zathura.c | 2 ++
 4 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/README b/README
index 092d492..34f056b 100644
--- a/README
+++ b/README
@@ -33,9 +33,11 @@ The use of magic to detect mime types is optional and can be disabled by
 configuring the build system with -Denable-magic=false.
 The use of seccomp to create a sandboxed environment is optional and can be
-enabled by configure the build system with -Denable-seccomp=true. Note that the
-sandbox is currently only available as experimental preview. Some commands,
-shortcuts and other functionality might break.
+disabled by configure the build system with -Denable-seccomp=false.
+The sandbox will by default be set to "normal" mode, which should not interfere
+with the normal operation of zathura. For strict sandbox mode set "sandbox strict"
+in zathurarc. Strict sandbox mode will reduce the available functionality of zathura
+and provide a read only document viewer.
 Installation
 ------------
diff --git a/meson_options.txt b/meson_options.txt
index 85c5a58..a1c899a 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -15,6 +15,6 @@ option('enable-magic',
 )
 option('enable-seccomp',
 type: 'boolean',
- value: false,
+ value: true,
 description: 'Enable experimental seccomp support if available.'
 )
diff --git a/zathura/seccomp-filters.c b/zathura/seccomp-filters.c
index 53f86a2..db97c0f 100644
--- a/zathura/seccomp-filters.c
+++ b/zathura/seccomp-filters.c
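Review bot: In meson_options.txt the `enable-seccomp` description still reads 'Enable experimental seccomp support if available.' although the default is now `true` and the README text in this patch no longer calls the sandbox experimental; `description: 'Enable seccomp sandbox support if available.'` would match. With the sandbox on by default it is also worth confirming, since the build logic is not shown here, that a missing libseccomp is reported at configure time rather than silently producing a binary without the filter.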
@@ -248,17 +248,17 @@ seccomp_enable_strict_filter(void)
 /* special restrictions for openat, prevent opening files for writing */
 if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), 1,
- SCMP_CMP(1, SCMP_CMP_MASKED_EQ, O_WRONLY | O_RDWR, 0)) < 0) {
+ SCMP_CMP(2, SCMP_CMP_MASKED_EQ, O_WRONLY | O_RDWR, 0)) < 0) {
 goto out;
 }
 if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO (EACCES), SCMP_SYS(openat), 1,
- SCMP_CMP(1, SCMP_CMP_MASKED_EQ, O_WRONLY, O_WRONLY)) < 0) {
+ SCMP_CMP(2, SCMP_CMP_MASKED_EQ, O_WRONLY, O_WRONLY)) < 0) {
 goto out;
 }
 if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO (EACCES), SCMP_SYS(openat), 1,
- SCMP_CMP(1, SCMP_CMP_MASKED_EQ, O_RDWR, O_RDWR)) < 0) {
+ SCMP_CMP(2, SCMP_CMP_MASKED_EQ, O_RDWR, O_RDWR)) < 0) {
 goto out;
 }
diff --git a/zathura/zathura.c b/zathura/zathura.c
index cb0d267..8ee85a4 100644
--- a/zathura/zathura.c
+++ b/zathura/zathura.c
@@ -442,6 +442,8 @@ zathura_init(zathura_t* zathura)
 if (seccomp_enable_strict_filter() != 0) {
 goto error_free;
 }
+ /* unset the input method to avoid communication with external services */
+ unsetenv("GTK_IM_MODULE");
 break;
 }
 #endif
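Review bot: The masks in these three `openat` rules test only the access-mode bits, so a call with `O_RDONLY | O_CREAT` or `O_RDONLY | O_TRUNC` still matches the allow rule, and those flags can create a file or (unspecified, but on many systems) truncate one. If strict mode is meant to be read-only, widen the allow mask, e.g. `SCMP_CMP(2, SCMP_CMP_MASKED_EQ, O_WRONLY | O_RDWR | O_CREAT | O_TRUNC, 0)`, and check that the filter's default action, which is outside this hunk, gives the newly rejected calls a sensible result. Since the bug fixed here was a wrong argument index, a comment such as `/* openat(dirfd, pathname, flags, mode): flags is argument 2 */` above the rules would help the next reader. Whether `open`, `creat` or `openat2` are filtered elsewhere in seccomp_enable_strict_filter cannot be seen from the hunk, as the function starts and ends outside it.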
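Review bot: Removing `GTK_IM_MODULE` with `unsetenv` only drops the environment override, so GTK may still select an input method from its settings or locale defaults and the goal stated in the comment is not guaranteed. Pinning the built-in context instead, `setenv("GTK_IM_MODULE", "gtk-im-context-simple", 1);`, would express the intent directly, and its return value should be checked like the filter call above it. The call also has to run before GTK first reads the variable; the hunk shows only the inside of a switch case in zathura_init, so that ordering needs confirming against the rest of the function.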