diff options
| author | Carlos Garnacho <carlosg@gnome.org> | 2016-12-06 17:08:09 +0100 |
|---|---|---|
| committer | Carlos Garnacho <carlosg@gnome.org> | 2016-12-08 17:06:48 +0100 |
| commit | bc44c499a8471ec5fa9b439c3207feb608f9c755 (patch) | |
| tree | 9b006a8c622232de75dc7293621c95f5b45a0827 | |
| parent | 95279b730a5c43a301d1e4d76d39e6e395f0a1c8 (diff) | |
| download | tracker-bc44c499a8471ec5fa9b439c3207feb608f9c755.tar.gz | |
tracker-extract: Sandbox extractor threads through seccomp
Those deal with plugins and potentially malicious content, make it
sure that any potential exploit is deprived of all tools that could
make it harmful.
https://bugzilla.gnome.org/show_bug.cgi?id=764786
| -rw-r--r-- | src/tracker-extract/tracker-extract.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/tracker-extract/tracker-extract.c b/src/tracker-extract/tracker-extract.c index a1d293e2b..530d7e61e 100644 --- a/src/tracker-extract/tracker-extract.c +++ b/src/tracker-extract/tracker-extract.c @@ -524,6 +524,9 @@ get_metadata (TrackerExtractTask *task) static gpointer single_thread_get_metadata (GAsyncQueue *queue) { + if (!tracker_seccomp_init ()) + g_assert_not_reached (); + while (TRUE) { TrackerExtractTask *task; |