mirror of
https://git.pwmt.org/pwmt/zathura.git
synced 2024-12-28 06:16:00 +01:00
Move seccomp filter setup after config file handling
This commit is contained in:
Sebastian Ramacher
parent
0dfafe6cfb
commit
49c2d88ce6
2 changed files with 24 additions and 25 deletions
|
|
@ -18,9 +18,6 @@
|
|||
#ifdef WITH_SYNCTEX
|
||||
#include "synctex.h"
|
||||
#endif
|
||||
#ifdef WITH_SECCOMP
|
||||
#include "seccomp-filters.h"
|
||||
#endif
|
||||
|
||||
/* Init locale */
|
||||
static void
|
||||
|
|
@ -292,28 +289,6 @@ main(int argc, char* argv[])
|
|||
goto free_and_ret;
|
||||
}
|
||||
|
||||
#ifdef WITH_SECCOMP
|
||||
char* sandbox = NULL;
|
||||
girara_setting_get(zathura->ui.session, "sandbox", &sandbox);
|
||||
if (g_strcmp0(sandbox, "none") == 0) {
|
||||
girara_debug("Sandbox deactivated.");
|
||||
} else if (g_strcmp0(sandbox, "normal") == 0) {
|
||||
girara_debug("Basic sandbox allowing normal operation.");
|
||||
ret = seccomp_enable_basic_filter();
|
||||
} else if (g_strcmp0(sandbox, "strict") == 0) {
|
||||
girara_debug("Strict sandbox preventing write and network access.");
|
||||
ret = seccomp_enable_strict_filter();
|
||||
} else {
|
||||
girara_error("Invalid sandbox option");
|
||||
ret = -1;
|
||||
}
|
||||
g_free(sandbox);
|
||||
|
||||
if (ret != 0) {
|
||||
goto free_and_ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* open document if passed */
|
||||
if (file_idx != 0) {
|
||||
if (page_number > 0) {
|
||||
|
|
|
|||
|
|
@ -45,6 +45,9 @@
|
|||
#include "resources.h"
|
||||
#include "synctex.h"
|
||||
#include "content-type.h"
|
||||
#ifdef WITH_SECCOMP
|
||||
#include "seccomp-filters.h"
|
||||
#endif
|
||||
|
||||
typedef struct zathura_document_info_s {
|
||||
zathura_t* zathura;
|
||||
|
|
@ -418,6 +421,27 @@ zathura_init(zathura_t* zathura)
|
|||
config_load_default(zathura);
|
||||
config_load_files(zathura);
|
||||
|
||||
#ifdef WITH_SECCOMP
|
||||
/* initialize seccomp filters */
|
||||
switch (zathura->global.sandbox) {
|
||||
case ZATHURA_SANDBOX_NONE:
|
||||
girara_debug("Sandbox deactivated.");
|
||||
break;
|
||||
case ZATHURA_SANDBOX_NORMAL:
|
||||
girara_debug("Basic sandbox allowing normal operation.");
|
||||
if (seccomp_enable_basic_filter() != 0) {
|
||||
goto error_free;
|
||||
}
|
||||
break;
|
||||
case ZATHURA_SANDBOX_STRICT:
|
||||
girara_debug("Strict sandbox preventing write and network access.");
|
||||
if (seccomp_enable_strict_filter() != 0) {
|
||||
goto error_free;
|
||||
}
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* UI */
|
||||
if (!init_ui(zathura)) {
|
||||
goto error_free;
|
||||
|
|
|
|||
Loading…
Reference in a new issue