[tracker-miners/wip/carlosg/better-extractor-errors: 4/5] tracker-extract: Enable sandbox for commandline invocations
- From: Carlos Garnacho <carlosg src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [tracker-miners/wip/carlosg/better-extractor-errors: 4/5] tracker-extract: Enable sandbox for commandline invocations
- Date: Thu, 12 Nov 2020 23:28:55 +0000 (UTC)
commit cc518b6221cdd5abac1f64f508fb199aab7a4fc5
Author: Carlos Garnacho <carlosg gnome org>
Date: Wed Nov 11 11:12:27 2020 +0100
tracker-extract: Enable sandbox for commandline invocations
We don't initialize the sandbox in commandline invocations, which
has 2 downsides:
- Users may get sandbox exceptions trapped in journalctl/coredumpctl,
but not be able to reproduce easily on the command line.
- Should a vulnerability exist in our dependencies, users could
potentially run head first into them.
It seems a good idea to enable the sandbox also for commandline
invocations.
src/tracker-extract/tracker-extract.c | 3 +++
1 file changed, 3 insertions(+)
---
diff --git a/src/tracker-extract/tracker-extract.c b/src/tracker-extract/tracker-extract.c
index 3bd7b4b35..29c5df384 100644
--- a/src/tracker-extract/tracker-extract.c
+++ b/src/tracker-extract/tracker-extract.c
@@ -695,6 +695,9 @@ tracker_extract_get_metadata_by_cmdline (TrackerExtract *object,
NULL,
&task->func);
+ if (!tracker_seccomp_init ())
+ g_assert_not_reached ();
+
if (!filter_module (object, task->module) &&
get_file_metadata (task, &info, NULL)) {
resource = tracker_extract_info_get_resource (info);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]