Re: Tracker as a security risks



2016-12-09 7:11 GMT+01:00 Tomasz Torcz <tomek pipebreaker pl>:
> On Fri, Dec 09, 2016 at 01:35:39AM +0100, Michael Biebl wrote:
>> 2016-12-06 0:03 GMT+01:00 Michael Catanzaro <mcatanzaro gnome org>:
>>> On Mon, 2016-12-05 at 21:31 +0100, Carlos Garnacho wrote:
>>>> Thanks for the tip :), worth a look indeed, although I'm looking into
>>>> using seccomp directly.
>>>
>>> Strongly consider using libseccomp for this!
>>
>> Has it been considered to use the systemd sandboxing features? tracker
>> already ships systemd --user service files, so you'd basically get
>> that for free.
>
>   Correct me if I'm wrong, but aren't systemd sandboxing features only
> available to system instance?  User systemd sessions lack privileges
> to set up separate namespaces etc.

The seccomp based ones aren't. I'm aware though, that most *do*
require root privileges to set up and I've asked upstream to more
clearly mark which features are available to user services and which
aren't in the documentation.


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

