[gnome-desktop/wip/hadess/sandbox-flatpak-thumbnailer: 1/5] thumbnail: Prepare for additional sandboxing types
- From: Bastien Nocera <hadess src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-desktop/wip/hadess/sandbox-flatpak-thumbnailer: 1/5] thumbnail: Prepare for additional sandboxing types
- Date: Fri, 9 Oct 2020 12:47:43 +0000 (UTC)
commit 74dc751ea1c78d170b829156fc74468605c69c3f
Author: Bastien Nocera <hadess hadess net>
Date: Thu Oct 8 13:51:01 2020 +0200
thumbnail: Prepare for additional sandboxing types
Use an enum instead of a boolean to track which type of sandbox
mechanism to use.
libgnome-desktop/gnome-desktop-thumbnail-script.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
---
diff --git a/libgnome-desktop/gnome-desktop-thumbnail-script.c
b/libgnome-desktop/gnome-desktop-thumbnail-script.c
index cfbbad04..95741301 100644
--- a/libgnome-desktop/gnome-desktop-thumbnail-script.c
+++ b/libgnome-desktop/gnome-desktop-thumbnail-script.c
@@ -43,8 +43,13 @@
#include "gnome-desktop-thumbnail-script.h"
+typedef enum {
+ SANDBOX_TYPE_NONE,
+ SANDBOX_TYPE_BWRAP
+} SandboxType;
+
typedef struct {
- gboolean sandbox;
+ SandboxType sandbox;
char *thumbnailer_name;
GArray *fd_array;
/* Input/output file paths outside the sandbox */
@@ -631,7 +636,7 @@ expand_thumbnailing_cmd (const char *cmd,
array = g_ptr_array_new_with_free_func (g_free);
#ifdef HAVE_BWRAP
- if (script->sandbox)
+ if (script->sandbox == SANDBOX_TYPE_BWRAP)
{
if (!add_bwrap (array, script))
{
@@ -643,7 +648,7 @@ expand_thumbnailing_cmd (const char *cmd,
#endif
#ifdef ENABLE_SECCOMP
- if (script->sandbox)
+ if (script->sandbox == SANDBOX_TYPE_BWRAP)
{
const char *arch;
@@ -771,7 +776,7 @@ script_exec_new (const char *uri,
* Flatpak as all privileges to create a new namespace are dropped when
* the initial one is created. */
if (!g_file_test ("/.flatpak-info", G_FILE_TEST_IS_REGULAR))
- exec->sandbox = TRUE;
+ exec->sandbox = SANDBOX_TYPE_BWRAP;
#endif
file = g_file_new_for_uri (uri);
@@ -785,7 +790,7 @@ script_exec_new (const char *uri,
}
#ifdef HAVE_BWRAP
- if (exec->sandbox)
+ if (exec->sandbox == SANDBOX_TYPE_BWRAP)
{
char *tmpl;
const char *infile;
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]