diff options
author | Bastien Nocera <hadess@hadess.net> | 2020-10-09 10:25:36 +0200 |
---|---|---|
committer | Bastien Nocera <hadess@hadess.net> | 2020-10-13 13:45:43 +0200 |
commit | 34ff6b9445a464dde8d3d73d481cbfb56d767aa3 (patch) | |
tree | d34ad45ed94c30534d7eff0260fb15bd320a345d /README.md | |
parent | 46f03a237302eaefe4d6a8ef677c453db97cece3 (diff) | |
download | gnome-desktop-34ff6b9445a464dde8d3d73d481cbfb56d767aa3.tar.gz |
thumbnail: Sandbox thumbnailers in Flatpakswip/hadess/sandbox-flatpak-thumbnailer
Up until now, thumbnailer sandboxing was disabled in Flatpaks as bwrap
cannot be used to create a namespace inside a namespace. Use
Flatpak's "Spawn" method, via flatpak-spawn, to launch a separate
sandbox for thumbnailing.
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 6 |
1 files changed, 5 insertions, 1 deletions
@@ -25,6 +25,10 @@ bwrap binary, is a non-optional dependency on platforms where it is supported and thumbnailing will silently fail when it is not installed at runtime. +[flatpak-xdg-utils](https://github.com/flatpak/flatpak-xdg-utils/)'s `flatpak-spawn` +helper is a non-optional dependency for using gnome-desktop's thumbnailer +when the app is being run within Flatpak >= 1.5.1. + How to report bugs ================== @@ -56,4 +60,4 @@ potential attack vectors. thumbnailer the only thing that can be written from inside the sandbox. - Subverting other programs to do one of those is (hopefully) prevented by only allowing it to output PNG thumbnails, because we hope PNG reader libraries are - a lot more secure than libraries to read exotic image formats.
\ No newline at end of file + a lot more secure than libraries to read exotic image formats. |