On Wed, Nov 08, 2023 at 11:04:01AM +0000, Klemens Nanni wrote:
> This service seems like a common dependency for desktop environments
> and runs as root speaking D-Bus without any active security mechanisms.
>
> ioctl(2) for cd(4) and sysctl(2) hw.disknames usage currently prevents
> using pledge(2).
>
> Use unveil("/", "rwc") for starters to strip x bits as, by design, this
> daemon is not executing anything (it spawns a thread, though).
>
> Perhaps "c" could be dropped as well, but I haven't looked that far into
> its Qt and D-Bus tentacles to check whether it does indeed never try
> to create any files.
>
> This works for me under Xfce.

out of curiosity, what do you mean by 'works under Xfce'? afaik, nothing
calls the org.freedesktop.UDisks2 name in xfce code, and thunar-volman
(which isn't ported) requires gudev (not ported either).

Landry