mirror of
https://git.pwmt.org/pwmt/zathura.git
synced 2024-12-29 11:55:59 +01:00
Move seccomp filter setup after config file handling
This commit is contained in:
parent
0dfafe6cfb
commit
49c2d88ce6
2 changed files with 24 additions and 25 deletions
|
@ -18,9 +18,6 @@
|
||||||
#ifdef WITH_SYNCTEX
|
#ifdef WITH_SYNCTEX
|
||||||
#include "synctex.h"
|
#include "synctex.h"
|
||||||
#endif
|
#endif
|
||||||
#ifdef WITH_SECCOMP
|
|
||||||
#include "seccomp-filters.h"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* Init locale */
|
/* Init locale */
|
||||||
static void
|
static void
|
||||||
|
@ -292,28 +289,6 @@ main(int argc, char* argv[])
|
||||||
goto free_and_ret;
|
goto free_and_ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef WITH_SECCOMP
|
|
||||||
char* sandbox = NULL;
|
|
||||||
girara_setting_get(zathura->ui.session, "sandbox", &sandbox);
|
|
||||||
if (g_strcmp0(sandbox, "none") == 0) {
|
|
||||||
girara_debug("Sandbox deactivated.");
|
|
||||||
} else if (g_strcmp0(sandbox, "normal") == 0) {
|
|
||||||
girara_debug("Basic sandbox allowing normal operation.");
|
|
||||||
ret = seccomp_enable_basic_filter();
|
|
||||||
} else if (g_strcmp0(sandbox, "strict") == 0) {
|
|
||||||
girara_debug("Strict sandbox preventing write and network access.");
|
|
||||||
ret = seccomp_enable_strict_filter();
|
|
||||||
} else {
|
|
||||||
girara_error("Invalid sandbox option");
|
|
||||||
ret = -1;
|
|
||||||
}
|
|
||||||
g_free(sandbox);
|
|
||||||
|
|
||||||
if (ret != 0) {
|
|
||||||
goto free_and_ret;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* open document if passed */
|
/* open document if passed */
|
||||||
if (file_idx != 0) {
|
if (file_idx != 0) {
|
||||||
if (page_number > 0) {
|
if (page_number > 0) {
|
||||||
|
|
|
@ -45,6 +45,9 @@
|
||||||
#include "resources.h"
|
#include "resources.h"
|
||||||
#include "synctex.h"
|
#include "synctex.h"
|
||||||
#include "content-type.h"
|
#include "content-type.h"
|
||||||
|
#ifdef WITH_SECCOMP
|
||||||
|
#include "seccomp-filters.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
typedef struct zathura_document_info_s {
|
typedef struct zathura_document_info_s {
|
||||||
zathura_t* zathura;
|
zathura_t* zathura;
|
||||||
|
@ -418,6 +421,27 @@ zathura_init(zathura_t* zathura)
|
||||||
config_load_default(zathura);
|
config_load_default(zathura);
|
||||||
config_load_files(zathura);
|
config_load_files(zathura);
|
||||||
|
|
||||||
|
#ifdef WITH_SECCOMP
|
||||||
|
/* initialize seccomp filters */
|
||||||
|
switch (zathura->global.sandbox) {
|
||||||
|
case ZATHURA_SANDBOX_NONE:
|
||||||
|
girara_debug("Sandbox deactivated.");
|
||||||
|
break;
|
||||||
|
case ZATHURA_SANDBOX_NORMAL:
|
||||||
|
girara_debug("Basic sandbox allowing normal operation.");
|
||||||
|
if (seccomp_enable_basic_filter() != 0) {
|
||||||
|
goto error_free;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case ZATHURA_SANDBOX_STRICT:
|
||||||
|
girara_debug("Strict sandbox preventing write and network access.");
|
||||||
|
if (seccomp_enable_strict_filter() != 0) {
|
||||||
|
goto error_free;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
/* UI */
|
/* UI */
|
||||||
if (!init_ui(zathura)) {
|
if (!init_ui(zathura)) {
|
||||||
goto error_free;
|
goto error_free;
|
||||||
|
|
Loading…
Reference in a new issue