diff options
author | Tianon Gravi <admwiggin@gmail.com> | 2020-12-24 08:24:40 -0800 |
---|---|---|
committer | Tianon Gravi <admwiggin@gmail.com> | 2020-12-25 19:36:00 -0800 |
commit | 3332ae21f27559f69bd631cdb845bb81613bd45e (patch) | |
tree | 8b0af4bc60327b675a5990f210bc92c6d63098fc /bus | |
parent | d70ab37c85f243044f1e65c8f495611928f9d44c (diff) | |
download | at-spi2-core-3332ae21f27559f69bd631cdb845bb81613bd45e.tar.gz |
Use unix sockets instead of abstract sockets
Quoting Michael Catanzaro:
> Secure host services must not use abstract sockets.
>
> - If your sandboxed application uses --share=net to access the host
> network namespace, which is required for internet access, then it
> gets access to all the host's abstract sockets as well. Loads of
> sandboxed applications necessarily have to use --share=net.
>
> - If your sandboxed application does not use --share=net, it cannot
> access any host abstract sockets.
This also requires bumping the minimum glib version to 2.62.
Diffstat (limited to 'bus')
-rw-r--r-- | bus/accessibility.conf.in | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/bus/accessibility.conf.in b/bus/accessibility.conf.in index 31b6a792..79c51464 100644 --- a/bus/accessibility.conf.in +++ b/bus/accessibility.conf.in @@ -6,7 +6,7 @@ <servicedir>@DATADIR@/dbus-1/accessibility-services</servicedir> <auth>EXTERNAL</auth> - <listen>unix:tmpdir=/tmp</listen> + <listen>unix:dir=/tmp</listen> <policy context="default"> <!-- Allow root to connect --> |