ossi added a comment.
you *really* should use a whitelist. it's ok if that breaks some 3rdparty extractor; you'll get a bug report which you can properly evaluate. you could go totally overboard and assign fine-grained syscall capabilities to individual extractors, but i can't really think of legitimate reasons why that would be necessary in this context. REPOSITORY R293 Baloo REVISION DETAIL https://phabricator.kde.org/D8532 To: davidk, apol, ossi Cc: #frameworks
