improve seccomp filter (!68) · Merge requests · pwmt / zathura

valoq requested to merge valoq/zathura:develop into develop Dec 22, 2022

~~This commit removes system calls used by older glibc and kernel versions such as present in Debian Bullseye.~~

~~The new list has been tested with glibc >= 2.36 and Linux >= 6.0 on Archlinux and Debian Bookworm~~

The new list has been tested with Debian Stable/Bullseye, Debian testing/Bookworm and Arch Linux

This also adds a warning to the strict sandbox if X11 is detected in order to make sure users are aware of the missing process isolation.

The basic filter was updated as well to avoid an issue with firefox

Edited Jan 13, 2023 by valoq

improve seccomp filter