diff options
| author | Michael Meeks <michael.meeks@collabora.com> | 2024-04-06 15:07:30 +0100 |
|---|---|---|
| committer | Andras Timar <andras.timar@collabora.com> | 2024-04-07 12:11:48 +0200 |
| commit | 144b701453de72c7c5a741cc148a42b25c309ad4 (patch) | |
| tree | 9ae7fe85986afda4dea4bf48a1392fb7326fad59 /kit | |
| parent | Random re-work: keep a file-descriptor open to /dev/urandom (diff) | |
| download | online-144b701453de72c7c5a741cc148a42b25c309ad4.tar.gz online-144b701453de72c7c5a741cc148a42b25c309ad4.zip | |
cool#8703 - Drop random node creation and rely on inherited fd.
Re-using an inherited file descriptor to /dev/urandom frees us
from problems with mount options including 'nodev' and removes a
capability from the set we need.
Change-Id: I70337e923f802d7efbd3159c11a4e39f6529b6e6
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Diffstat (limited to 'kit')
| -rw-r--r-- | kit/ForKit.cpp | 2 | ||||
| -rw-r--r-- | kit/Kit.cpp | 7 |
2 files changed, 5 insertions, 4 deletions
diff --git a/kit/ForKit.cpp b/kit/ForKit.cpp index e33a9a9b6b..316c571606 100644 --- a/kit/ForKit.cpp +++ b/kit/ForKit.cpp @@ -256,8 +256,6 @@ static bool haveCorrectCapabilities() // Do check them all, don't shortcut with && if (!haveCapability(CAP_SYS_CHROOT)) result = false; - if (!haveCapability(CAP_MKNOD)) - result = false; if (!haveCapability(CAP_FOWNER)) result = false; if (!haveCapability(CAP_CHOWN)) diff --git a/kit/Kit.cpp b/kit/Kit.cpp index f618e0683a..72cc31e7f8 100644 --- a/kit/Kit.cpp +++ b/kit/Kit.cpp @@ -2709,9 +2709,13 @@ void copyCertificateDatabaseToTmp(Poco::Path const& jailPath) } } } + #endif } + + + void lokit_main( #if !MOBILEAPP const std::string& childRoot, @@ -2917,8 +2921,7 @@ void lokit_main( } } - // Setup the devices inside /tmp and set TMPDIR. - JailUtil::setupJailDevNodes(Poco::Path(jailPath, "/tmp").toString()); + // Setup /tmp and set TMPDIR. ::setenv("TMPDIR", "/tmp", 1); allowedPaths += ":w:/tmp"; |