From 5e90b08406858dd82a894771c852049ecb7ae8e8 Mon Sep 17 00:00:00 2001
From: Ophestra <cat@gensokyo.uk>
Date: Wed, 22 Jan 2025 02:01:01 +0900
Subject: [PATCH] dbus: enable syscall filter

Signed-off-by: Ophestra <cat@gensokyo.uk>
---
 dbus/run.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dbus/run.go b/dbus/run.go
index 0a554bf..15bf499 100644
--- a/dbus/run.go
+++ b/dbus/run.go
@@ -67,6 +67,7 @@ func (p *Proxy) Start(ready chan error, output io.Writer, sandbox bool) error {
 			Unshare:       nil,
 			Hostname:      "fortify-dbus",
 			Chdir:         "/",
+			Syscall:       &bwrap.SyscallPolicy{DenyDevel: true, Multiarch: true},
 			Clearenv:      true,
 			NewSession:    true,
 			DieWithParent: true,