Use unix sockets instead of abstract sockets

Quoting Michael Catanzaro: > Secure host services must not use abstract sockets. > > - If your sandboxed application uses --share=net to access the host > network namespace, which is required for internet access, then it > gets access to all the host's abstract sockets as well. Loads of > sandboxed applications necessarily have to use --share=net. > > - If your sandboxed application does not use --share=net, it cannot > access any host abstract sockets. This also requires bumping the minimum glib version to 2.62.
author: Tianon Gravi <admwiggin@gmail.com> 2020-12-24 08:24:40 -0800
committer: Tianon Gravi <admwiggin@gmail.com> 2020-12-25 19:36:00 -0800
commit: 3332ae21f27559f69bd631cdb845bb81613bd45e (patch)
tree: 8b0af4bc60327b675a5990f210bc92c6d63098fc /bus
parent: d70ab37c85f243044f1e65c8f495611928f9d44c (diff)
download: at-spi2-core-3332ae21f27559f69bd631cdb845bb81613bd45e.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/bus/accessibility.conf.in b/bus/accessibility.conf.in
index 31b6a792..79c51464 100644
--- a/bus/accessibility.conf.in
+++ b/bus/accessibility.conf.in
@@ -6,7 +6,7 @@
 <servicedir>@DATADIR@/dbus-1/accessibility-services</servicedir>
   <auth>EXTERNAL</auth>
 
-  <listen>unix:tmpdir=/tmp</listen>
+  <listen>unix:dir=/tmp</listen>
 
   <policy context="default">
     <!-- Allow root to connect -->
author	Tianon Gravi <admwiggin@gmail.com>	2020-12-24 08:24:40 -0800
committer	Tianon Gravi <admwiggin@gmail.com>	2020-12-25 19:36:00 -0800
commit	3332ae21f27559f69bd631cdb845bb81613bd45e (patch)
tree	8b0af4bc60327b675a5990f210bc92c6d63098fc /bus
parent	d70ab37c85f243044f1e65c8f495611928f9d44c (diff)
download	at-spi2-core-3332ae21f27559f69bd631cdb845bb81613bd45e.tar.gz