Skip to content
Commit 7720e848 authored by David Kahles's avatar David Kahles
Browse files

Forbid more syscalls which could modify the filesystem 

Summary:
Forbid more syscalls. An malicious theme could create directories with the
password as name, or encode the password in chmod bits. Also, prevent
deleting anything, so a theme can't delete the users files.

Test Plan:
- Autotests run fine
- Started sceenlocker, unlocked, created a new session.
  Got no seccomp violations in dmesg and everything worked fine.
- Didn't test it with the nvidia driver

Reviewers: graesslin

Reviewed By: graesslin

Subscribers: plasma-devel

Tags: #plasma

Differential Revision: https://phabricator.kde.org/D8756
parent 0f9a10fa
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment