On Fri, Dec 09, 2016 at 01:35:39AM +0100, Michael Biebl wrote:
> 2016-12-06 0:03 GMT+01:00 Michael Catanzaro <mcatanz...@gnome.org>:
> > On Mon, 2016-12-05 at 21:31 +0100, Carlos Garnacho wrote:
> >> Thanks for the tip :), worth a look indeed, although I'm looking into
> >> using seccomp directly.
> >
> > Strongly consider using libseccomp for this!
>
> Has it been considered to use the systemd sandboxing features? tracker
> already ships systemd --user service files, so you'd basically get
> that for free.

Correct me if I'm wrong, but aren't systemd sandboxing features only available to the system instance? User systemd sessions lack privileges to set up separate namespaces etc.

Also, in addition to libseccomp, there's https://github.com/projectatomic/bubblewrap for sandboxing. It is a suid binary, though.

-- 
Tomasz Torcz                 There exists no separation between gods and men:
xmpp: zdzich...@chrome.pl    one blends softly casual into the other.