Re: Tracker as a security risks

From: Tomasz Torcz <tomek pipebreaker pl>
To: desktop-devel-list gnome org
Subject: Re: Tracker as a security risks
Date: Fri, 9 Dec 2016 07:11:11 +0100

On Fri, Dec 09, 2016 at 01:35:39AM +0100, Michael Biebl wrote:

2016-12-06 0:03 GMT+01:00 Michael Catanzaro <mcatanzaro gnome org>:

On Mon, 2016-12-05 at 21:31 +0100, Carlos Garnacho wrote:

Thanks for the tip :), worth a look indeed, although I'm looking into
using seccomp directly.


Strongly consider using libseccomp for this!


Has it been considered to use the systemd sandboxing features? tracker
already ships systemd --user service files, so you'd basically get
that for free.


  Correct me if I'm wrong, but aren't systemd sandboxing features only
available to system instance?  User systemd sessions lack priviledges
to set up separate namespaces etc.

  Also, in additional to libseccomp, there's https://github.com/projectatomic/bubblewrap
for sandboxing. It is suid binary, though.

-- 
Tomasz Torcz            There exists no separation between gods and men:
xmpp: zdzichubg chrome pl   one blends softly casual into the other.

Follow-Ups:
- Re: Tracker as a security risks
  - From: Adrian Perez de Castro
- Re: Tracker as a security risks
  - From: Michael Biebl

References:
- Tracker as a security risks
  - From: Hanno Böck
- Re: Tracker as a security risks
  - From: Sam Thursfield
- Re: Tracker as a security risks
  - From: Hanno Böck
- Re: Tracker as a security risks
  - From: Carlos Garnacho
- Re: Tracker as a security risks
  - From: Philip Withnall
- Re: Tracker as a security risks
  - From: Carlos Garnacho
- Re: Tracker as a security risks
  - From: Michael Catanzaro
- Re: Tracker as a security risks
  - From: Michael Biebl

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]