Skip to content

Drop seccomp sandboxing

Fabian Vogt requested to merge work/noseccomp into master

Again and again the seccomp filter breaks the greeter, because of changes in Qt, Mesa or other drivers.

On top of that, it doesn't even really provide security:

  • It defaults to allowing syscalls (early on, open was not allowed, but openat was, making it useless)
  • With the prop. nvidia driver or on wayland, creating and writing files is explicitly allowed
  • The DBus session bus is open, allowing arbitrary commands to be run

This has a side effect: Without the sandbox, it's not necessary to have a long-running kcheckpass anymore, so the authenticator is now always using the "direct" mode.

Merge request reports

Loading