Forbid more syscalls which could modify the filesystem
Summary:
Forbid more syscalls. A malicious theme could create directories with the
password as name, or encode the password in chmod bits. Also, prevent
deleting anything, so a theme can't delete the user's files.
Test Plan:
- Autotests run fine
- Started screenlocker, unlocked, created a new session. Got no seccomp violations in dmesg and everything worked fine.
- Didn't test it with the nvidia driver
Reviewers: graesslin
Reviewed By: graesslin
Subscribers: plasma-devel
Tags: Plasma
Differential Revision: https://phabricator.kde.org/D8756