Extend seccomp jail to full tracker-extract-3 process (!480) · Merge requests · GNOME / tracker-miners

Carlos Garnacho requested to merge carlosg/tracker-miners:wip/extend-seccomp into master Sep 26, 2023

A series of structural changes to have no special threads wrt seccomp rules in the tracker-extract-3 process, and apply these integrally to the whole process:

Error reports are handled by emitting a D-Bus signal on org.freedesktop.Tracker3.Extract, picked up by tracker-miner-fs-3.
Configuration usage has been cleaned up from the extractor, and the essentials (i.e. max-bytes for plain text content) are read from a property at org.freedesktop.Tracker3.Files from the tracker-miner-fs-3 side.
Persistence and error recovery is handled through a memfd handed by org.freedesktop.Tracker3.Files
GstRegistry has been made less fork-happy

With these questions that made us have a special thread solved, the merge request also performs the necessary changes to apply seccomp to the full process.

Related: #277 (closed)

Extend seccomp jail to full tracker-extract-3 process

Merge request reports