security/fortify
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 36 Wiki Activity

dbus: enable syscall filter
Some checks failed
Build / Create distribution (push) Successful in 1m52s
Details
Test / Run NixOS test (push) Failing after 1m54s
Details

Browse Source 
Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra 2025-01-22 02:01:01 +09:00
parent 5a64cdaf4f
commit 5e90b08406
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
dbus/run.go
View File

@ -67,6 +67,7 @@ func (p *Proxy) Start(ready chan error, output io.Writer, sandbox bool) error {
Unshare: nil, Unshare: nil,
Hostname: "fortify-dbus", Hostname: "fortify-dbus",
Chdir: "/", Chdir: "/",
Syscall: &bwrap.SyscallPolicy{DenyDevel: true, Multiarch: true},
Clearenv: true, Clearenv: true,
NewSession: true, NewSession: true,
DieWithParent: true, DieWithParent: true,