MirrorMirror
/
riju
mirror of https://github.com/radian-software/riju.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Deny access to network due to abuse reports

This commit is contained in:
Radon Rosborough 2022-07-01 22:06:52 -07:00
parent 460af21c3e
commit 51cda5866b
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
system/src/riju-system-privileged.c
View File

@ -240,6 +240,13 @@ void session(char *uuid, char *lang, char *imageHash)
"4000", "4000",
"--cgroup-parent", "--cgroup-parent",
"riju.slice", "riju.slice",
// Deny access to outside networking for now in order to limit
// abuse, as we've received abuse reports from AWS. We should
// be able to remove this (and indeed we'll *want* to, in
// order to support package installation) by replacing it with
// a more fine-grained network control such as limiting
// outbound bandwidth.
"--network=none",
"--label", "--label",
"riju.category=user-session", "riju.category=user-session",
"--label", "--label",
@ -250,6 +257,7 @@ void session(char *uuid, char *lang, char *imageHash)
(char *)sentinel_bash, (char *)sentinel_bash,
NULL, NULL,
}; };
execvp(argv[0], argv); execvp(argv[0], argv);
die("execvp failed"); die("execvp failed");
} }