2016-12-09 7:11 GMT+01:00 Tomasz Torcz <to...@pipebreaker.pl>: > On Fri, Dec 09, 2016 at 01:35:39AM +0100, Michael Biebl wrote: >> 2016-12-06 0:03 GMT+01:00 Michael Catanzaro <mcatanz...@gnome.org>: >> > On Mon, 2016-12-05 at 21:31 +0100, Carlos Garnacho wrote: >> >> Thanks for the tip :), worth a look indeed, although I'm looking into >> >> using seccomp directly. >> > >> > Strongly consider using libseccomp for this! >> >> Has it been considered to use the systemd sandboxing features? tracker >> already ships systemd --user service files, so you'd basically get >> that for free. > > Correct me if I'm wrong, but aren't systemd sandboxing features only > available to system instance? User systemd sessions lack priviledges > to set up separate namespaces etc.
The seccomp based ones aren't. I'm aware though, that most *do* require root privileges to set up and I've asked upstream to more clearly mark which features are available user services and which aren't in the documentation. -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? _______________________________________________ desktop-devel-list mailing list desktop-devel-list@gnome.org https://mail.gnome.org/mailman/listinfo/desktop-devel-list