davidk created this revision.
Restricted Application added a project: Plasma.
Restricted Application added a subscriber: plasma-devel.

REVISION SUMMARY
  Forbid more syscalls. A malicious theme could create directories with the password as name, or encode the password in chmod bits.
  Also, prevent deleting anything, so a theme can't delete the user's files.

TEST PLAN
  - Autotests run fine
  - Started screenlocker, unlocked, created a new session. Got no seccomp violations in dmesg and everything worked fine.
  - Didn't test it with the nvidia driver

REPOSITORY
  R133 KScreenLocker

BRANCH
  seccomp

REVISION DETAIL
  https://phabricator.kde.org/D8756

AFFECTED FILES
  greeter/autotests/seccomp_test.cpp
  greeter/seccomp_filter.cpp

To: davidk
Cc: plasma-devel, ZrenBot, progwolff, lesliezhai, ali-mohamed, jensreuterberg, abetts, sebas, apol, mart