https://bugs.documentfoundation.org/show_bug.cgi?id=101903
Michael Meeks <[email protected]> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|medium |low
--- Comment #3 from Michael Meeks <[email protected]> ---
The reason we have capabilities is to be able to implement our container
system; while the loolwsd process doesn't need privileges - it just handles
socket data - then loolforkit process - has to be able to fork, and chroot to
isolate its children. That requires various capabilities - which are of course
dropped after their use.
It would be possible to make loolforkit a suid binary - and to ensure that that
is dropped after forking. However - the forked process links and
pre-initializes a big chunk of LibreOffice code - which is perhaps not ideal in
a 'root' process either: up to you really.
Patches most welcome as always from BSD-ers =)
--
You are receiving this mail because:
You are the assignee for the bug._______________________________________________
Libreoffice-bugs mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
