From 921485378d1f194e13ee5f071d062491d9cc7f83 Mon Sep 17 00:00:00 2001
From: Sebastian Ramacher
Date: Sat, 9 Dec 2023 10:15:55 +0100
Subject: [PATCH] CS
---
 zathura/seccomp-filters.c | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/zathura/seccomp-filters.c b/zathura/seccomp-filters.c
index 039fe64..fa88450 100644
--- a/zathura/seccomp-filters.c
+++ b/zathura/seccomp-filters.c
@@ -153,7 +153,7 @@ seccomp_enable_strict_filter(zathura_t* zathura)
 * allowing for a potential fallback function to execute
 * scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_ERRNO(ENOSYS));*/
 scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_KILL_PROCESS);
- if (ctx == NULL){
+ if (ctx == NULL) {
 girara_error("seccomp_init failed");
 return -1;
 }
@@ -254,7 +254,7 @@ seccomp_enable_strict_filter(zathura_t* zathura)
 #ifdef GDK_WINDOWING_X11
 GdkDisplay* display = gtk_widget_get_display(zathura->ui.session->gtk.view);
- if (GDK_IS_X11_DISPLAY (display)) {
+ if (GDK_IS_X11_DISPLAY(display)) {
 girara_debug("On X11, supporting X11 syscalls");
 girara_warning("Running strict sandbox mode on X11 provides only \
 incomplete process isolation.");
@@ -269,14 +269,13 @@ seccomp_enable_strict_filter(zathura_t* zathura)
 ALLOW_RULE(connect);
 ALLOW_RULE(umask);
 ALLOW_RULE(uname);
- ALLOW_RULE(shmat);
+ ALLOW_RULE(shmat);
 ALLOW_RULE(shmctl);
 ALLOW_RULE(shmdt);
 ALLOW_RULE(shmget);
 ALLOW_RULE(recvfrom);
 ALLOW_RULE(writev); /* pwritev, pwritev2 */
- }
- else {
+ } else {
 girara_debug("On Wayland, blocking X11 syscalls");
 }
 #endif
@@ -346,9 +345,6 @@ seccomp_enable_strict_filter(zathura_t* zathura)
 ERRNO_RULE(fchmodat2);
 #endif
-
-
-
 /* Sandbox Status Notes:
 *
 * write: no actual files on the filesystem are opened with write permissions
@@ -373,11 +369,9 @@ seccomp_enable_strict_filter(zathura_t* zathura)
 *
 */
-
 /* when zathura is run on wayland, with X11 server available but blocked, unset the DISPLAY variable */
 /* otherwise it will try to connect to X11 using inet socket protocol */
-
 /* applying filter... */
 if (seccomp_load(ctx) >= 0) {
 /* free ctx after the filter has been loaded into the kernel */