Merge branch 'valoq/zathura-master' into develop

2024-12-28 21:16:00 +01:00 · 2018-07-26 11:14:17 +02:00 · 2018-07-26 11:14:17 +02:00 · 67d2b29a3b
commit 67d2b29a3b
parent 2a48d2df0f cb6922f7cf
5 changed files with 17 additions and 7 deletions
--- a/8
+++ b/8
@ -33,9 +33,11 @@ The use of magic to detect mime types is optional and can be disabled by
 configuring the build system with -Denable-magic=false.

 The use of seccomp to create a sandboxed environment is optional and can be
-enabled by configure the build system with -Denable-seccomp=true. Note that the
-sandbox is currently only available as experimental preview. Some commands,
-shortcuts and other functionality might break.
+disabled by configure the build system with -Denable-seccomp=false.
+The sandbox will by default be set to "normal" mode, which should not interfere
+with the normal operation of zathura. For strict sandbox mode set "sandbox strict"
+in zathurarc. Strict sandbox mode will reduce the available functionality of zathura
+and provide a read only document viewer.

 Installation
 ------------
--- a/doc/man/zathurarc.5.rst
+++ b/doc/man/zathurarc.5.rst
@ -1057,6 +1057,12 @@ is a read only sandbox that is intended for viewing documents only.
 * Value type: String
 * Default value: normal

+Blocked features in strcit sandbox mode:
+- saving/writing files
+- use of input methods like ibus
+- printing
+- bookmarks and history
+
 SEE ALSO
 ========

--- a/meson_options.txt
+++ b/meson_options.txt
@ -15,6 +15,6 @@ option('enable-magic',
 )
 option('enable-seccomp',
  type: 'boolean',
-  value: false,
+  value: true,
  description: 'Enable experimental seccomp support if available.'
 )
--- a/zathura/seccomp-filters.c
+++ b/zathura/seccomp-filters.c
@ -248,17 +248,17 @@ seccomp_enable_strict_filter(void)

  /* special restrictions for openat, prevent opening files for writing */
  if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), 1,
-                        SCMP_CMP(1, SCMP_CMP_MASKED_EQ, O_WRONLY | O_RDWR, 0)) < 0) {
+                        SCMP_CMP(2, SCMP_CMP_MASKED_EQ, O_WRONLY | O_RDWR, 0)) < 0) {
    goto out;
  }

  if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO (EACCES), SCMP_SYS(openat), 1,
-                        SCMP_CMP(1, SCMP_CMP_MASKED_EQ, O_WRONLY, O_WRONLY)) < 0) {
+                        SCMP_CMP(2, SCMP_CMP_MASKED_EQ, O_WRONLY, O_WRONLY)) < 0) {
    goto out;
  }

  if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO (EACCES), SCMP_SYS(openat), 1,
-                        SCMP_CMP(1, SCMP_CMP_MASKED_EQ, O_RDWR, O_RDWR)) < 0) {
+                        SCMP_CMP(2, SCMP_CMP_MASKED_EQ, O_RDWR, O_RDWR)) < 0) {
    goto out;
  }

--- a/zathura/zathura.c
+++ b/zathura/zathura.c
@ -442,6 +442,8 @@ zathura_init(zathura_t* zathura)
      if (seccomp_enable_strict_filter() != 0) {
        goto error_free;
      }
+      /* unset the input method to avoid communication with external services */
+      unsetenv("GTK_IM_MODULE");
      break;
  }
 #endif