Re: Tracker as a security risks
- From: Tomasz Torcz <tomek pipebreaker pl>
- To: desktop-devel-list gnome org
- Subject: Re: Tracker as a security risks
- Date: Fri, 9 Dec 2016 07:11:11 +0100
On Fri, Dec 09, 2016 at 01:35:39AM +0100, Michael Biebl wrote:
2016-12-06 0:03 GMT+01:00 Michael Catanzaro <mcatanzaro gnome org>:
On Mon, 2016-12-05 at 21:31 +0100, Carlos Garnacho wrote:
Thanks for the tip :), worth a look indeed, although I'm looking into
using seccomp directly.
Strongly consider using libseccomp for this!
Has it been considered to use the systemd sandboxing features? tracker
already ships systemd --user service files, so you'd basically get
that for free.
Correct me if I'm wrong, but aren't systemd sandboxing features only
available to system instance? User systemd sessions lack priviledges
to set up separate namespaces etc.
Also, in additional to libseccomp, there's https://github.com/projectatomic/bubblewrap
for sandboxing. It is suid binary, though.
--
Tomasz Torcz There exists no separation between gods and men:
xmpp: zdzichubg chrome pl one blends softly casual into the other.
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]