Drop seccomp sandboxing
Again and again the seccomp filter breaks the greeter, because of changes in Qt, Mesa or other drivers. On top of that, it doesn't even really provide security: - It defaults to allowing syscalls (early on, open was not allowed, but openat was, making it useless) - With the prop. nvidia driver or on wayland, creating and writing files is explicitly allowed - The DBus session bus is open, allowing arbitrary commands to be run This has a side effect: Without the sandbox, it's not necessary to have a long-running kcheckpass anymore, so the authenticator is now always using the "direct" mode.
Showing with 0 additions and 2077 deletions