libtracker-common: Implement sandboxing through libseccomp
The threads calling the new tracker_seccomp_init() function, and all threads/processes spawned from these, will enter a restricted mode where only a few sensible syscalls are allowed, and more specifically, filesystem/socket access are restricted to being respectively readonly and local only. https://bugzilla.gnome.org/show_bug.cgi?id=764786
parent
697daeb1
Please register or sign in to comment