Diffstat (limited to 'src/gnome-desktop/gnome-desktop-thumbnail-script.c')
-rw-r--r--src/gnome-desktop/gnome-desktop-thumbnail-script.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/src/gnome-desktop/gnome-desktop-thumbnail-script.c b/src/gnome-desktop/gnome-desktop-thumbnail-script.c
index 525766388..8e8b87653 100644
--- a/src/gnome-desktop/gnome-desktop-thumbnail-script.c
+++ b/src/gnome-desktop/gnome-desktop-thumbnail-script.c
@@ -343,7 +343,7 @@ setup_seccomp (GPtrArray *argv_array,
{SCMP_SYS (clone), &SCMP_A0 (SCMP_CMP_MASKED_EQ, CLONE_NEWUSER, CLONE_NEWUSER)},
/* Don't allow faking input to the controlling tty (CVE-2017-5226) */
- {SCMP_SYS (ioctl), &SCMP_A1(SCMP_CMP_EQ, (int)TIOCSTI)},
+ {SCMP_SYS (ioctl), &SCMP_A1(SCMP_CMP_MASKED_EQ, 0xFFFFFFFFu, (int)TIOCSTI)},
};
struct
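Review bot: The comment above the ioctl rule in setup_seccomp still names only CVE-2017-5226 and does not say why the comparison is now masked, so a later cleanup could revert it to a plain `SCMP_CMP_EQ`. Seccomp compares the full 64-bit argument while the kernel reads the ioctl request as a 32-bit value, which is presumably why the mask is `0xFFFFFFFFu`; I would add `/* Match on the low 32 bits only: the kernel ignores the upper half of the request, seccomp does not */` next to the rule. The rest of the rule table lies outside the hunk, so I cannot tell whether other tty input-injecting requests such as TIOCLINUX are also covered; that is worth checking.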
@@ -565,6 +565,10 @@ add_bwrap (GPtrArray *array,
}
}
+ /* fontconfig cache if necessary */
+ if (!g_str_has_prefix (FONTCONFIG_CACHE_PATH, "/usr/"))
+ add_args (array, "--ro-bind-try", FONTCONFIG_CACHE_PATH, FONTCONFIG_CACHE_PATH, NULL);
+
add_args (array,
"--proc", "/proc",
"--dev", "/dev",
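Review bot: The added comment `/* fontconfig cache if necessary */` does not explain the `/usr/` test, nor that this bind widens what the sandboxed thumbnailer can read from the host. Assuming /usr is already bound read-only earlier in add_bwrap (that part is outside the hunk), I would write `/* Expose the fontconfig cache read-only unless it is under /usr, which is presumably already bound */`. FONTCONFIG_CACHE_PATH is defined outside the hunk; if it can be empty or relative at build time, the prefix test passes and bwrap receives it as a bind path, so a build-time check that it is an absolute path would be worth adding.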