detlefe added a comment.
A whitelist, even if it is broad, would be desirable to reduce the attack surface of the kernel, and is also the way it was done for Gnome Tracker. But the concerns about maintenance remain; someone should test it regularly. Are there ways this can be automated?

In case the decision falls for the blacklist, would it be possible to add ptrace, process_vm_readv, process_vm_writev?

REPOSITORY
  R293 Baloo

REVISION DETAIL
  https://phabricator.kde.org/D8532

To: davidk, apol, ossi
Cc: detlefe, ngraham, nicolasfella, #frameworks, michaelh