Hi,
On Tue, Dec 6, 2016 at 1:36 PM, sivmu <[email protected]> wrote: > When evince is executed, an additional process (evinced) is started via > dbus. > > This makes it quite difficult to jail evince in applications like > firejail, since the evinced process is started not as a child but as its > own process outside of the jail. > I think that you can modify evinced to start different evince instances in a jail. That's actually some kind of thing we should investigate further. > > Although this is not an issue for evince on its own, I would like to > know why evince behaves like this. > From experiments I found out that if I remove the evince.service file or > block access to the dbus socket, evince still seems to works as expected > without evinced. Another way to prevent this seems to be to use the > --disable-dbus flag. > The difference and the reason why evinced exists is because Evince is using different processes for different Documents. That is, if you have four documents opened in evince, then you'd have four evince processes + the evinced process. The Evinced process is there to coordinate between the different evince processes. Of course this is not necessary, it was a decision taken a long time ago, but last time we discussed this feature we were happy about it. That being said, there is always the question of add sandboxing to evince since we are dealing with pdf and there are a lot of security bugs involving pdf files. So any help in this direction would be welcomed. Greetings, José > > Please explain why evince uses a daemon process and what exactly evinced > does. > > Thank you > > > _______________________________________________ > evince-list mailing list > [email protected] > https://mail.gnome.org/mailman/listinfo/evince-list > >
_______________________________________________ evince-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/evince-list
