User Details
User Details
- User Since
- Jul 16 2017, 10:21 AM (353 w, 4 d)
- Availability
- Available
Oct 19 2018
Oct 19 2018
detlefe added a comment to D8532: [WIP] Restrict file extractor with Seccomp.
Dropping one more comment, in case someone wants to give it a try: Apparmor profile transitions don't work if a seccomp filter has been installed before. This makes it probably rather difficult to integrate DrKonqi into an Apparmor policy.
detlefe added a comment to D8532: [WIP] Restrict file extractor with Seccomp.
Sep 1 2018
Sep 1 2018
detlefe added a comment to D8532: [WIP] Restrict file extractor with Seccomp.
I'm just an interested user and cannot comment on the question of external plugins. But before this enters a deep sleep, I wonder if at least the current patch should find its way into the extractors or into kfilemetadata.
Jan 31 2018
Jan 31 2018
detlefe added a comment to D8532: [WIP] Restrict file extractor with Seccomp.
A whitelist, even if it is broad, would be desirable to reduce the attack surface of the kernel, and is also the way it has been done for Gnome Tracker. But the concerns about maintenance remain, it probably should be tested regularly. Are there ways this can be automated?