mirrors/zathura
1
0
Fork 0
mirror of https://git.pwmt.org/pwmt/zathura.git synced 2024-12-27 13:56:00 +01:00
Code Issues Projects Releases Packages Wiki Activity

update documentation

Browse source
This commit is contained in:
valoq 2022-05-08 14:29:06 +02:00
parent 076cec96b5
commit 47c67b53bd
Failed to generate hash of commit
2 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
doc/man/zathurarc.5.rst
View file

@ -967,6 +967,9 @@ zathura
* printing * printing
* bookmarks and history * bookmarks and history
The strict sandbox mode is still experimental with some libc implementations.
Currently supported and tested libc implementations: glibc
No feature regressions are expected when using normal sandbox mode. No feature regressions are expected when using normal sandbox mode.
When running under WSL, the default is "none" since seccomp is not supported in When running under WSL, the default is "none" since seccomp is not supported in

5
zathura/seccomp-filters.c
View file

@ -106,13 +106,16 @@ seccomp_enable_basic_filter(void)
DENY_RULE(uselib); DENY_RULE(uselib);
DENY_RULE(vmsplice); DENY_RULE(vmsplice);
/*TODO /*
* *
* In case this basic filter is actually triggered, print a clear error message to report this * In case this basic filter is actually triggered, print a clear error message to report this
* The syscalls here should never be executed by an unprivileged process * The syscalls here should never be executed by an unprivileged process
* *
* */ * */
girara_debug("Using a basic seccomp filter to blacklist privileged system calls! \
Errors reporting 'bad system call' may be an indicator of compromise");
/* applying filter... */ /* applying filter... */
if (seccomp_load(ctx) >= 0) { if (seccomp_load(ctx) >= 0) {
/* free ctx after the filter has been loaded into the kernel */ /* free ctx after the filter has been loaded into the kernel */