mirrors/zathura
1
0
Fork 0
mirror of https://git.pwmt.org/pwmt/zathura.git synced 2024-12-26 22:06:00 +01:00
Code Issues Projects Releases Packages Wiki Activity

CS

Browse source
This commit is contained in:
Sebastian Ramacher 2023-12-09 10:15:55 +01:00
parent 3ca6b9c837
commit 921485378d
1 changed files with 4 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
zathura/seccomp-filters.c
View file

@ -275,8 +275,7 @@ seccomp_enable_strict_filter(zathura_t* zathura)
ALLOW_RULE(shmget); ALLOW_RULE(shmget);
ALLOW_RULE(recvfrom); ALLOW_RULE(recvfrom);
ALLOW_RULE(writev); /* pwritev, pwritev2 */ ALLOW_RULE(writev); /* pwritev, pwritev2 */
} } else {
else {
girara_debug("On Wayland, blocking X11 syscalls"); girara_debug("On Wayland, blocking X11 syscalls");
} }
#endif #endif
@ -346,9 +345,6 @@ seccomp_enable_strict_filter(zathura_t* zathura)
ERRNO_RULE(fchmodat2); ERRNO_RULE(fchmodat2);
#endif #endif
/* Sandbox Status Notes: /* Sandbox Status Notes:
* *
* write: no actual files on the filesystem are opened with write permissions * write: no actual files on the filesystem are opened with write permissions
@ -373,11 +369,9 @@ seccomp_enable_strict_filter(zathura_t* zathura)
* *
*/ */
/* when zathura is run on wayland, with X11 server available but blocked, unset the DISPLAY variable */ /* when zathura is run on wayland, with X11 server available but blocked, unset the DISPLAY variable */
/* otherwise it will try to connect to X11 using inet socket protocol */ /* otherwise it will try to connect to X11 using inet socket protocol */
/* applying filter... */ /* applying filter... */
if (seccomp_load(ctx) >= 0) { if (seccomp_load(ctx) >= 0) {
/* free ctx after the filter has been loaded into the kernel */ /* free ctx after the filter has been loaded into the kernel */