Skip to content

improve seccomp filter

valoq requested to merge valoq/zathura:develop into develop

This commit removes system calls used by older glibc and kernel versions such as present in Debian Bullseye.

The new list has been tested with glibc >= 2.36 and Linux >= 6.0 on Archlinux and Debian Bookworm

The new list has been tested with Debian Stable/Bullseye, Debian testing/Bookworm and Arch Linux

This also adds a warning to the strict sandbox if X11 is detected in order to make sure users are aware of the missing process isolation.

The basic filter was updated as well to avoid an issue with firefox

Edited by valoq

Merge request reports