diff options
author | Thiago Macieira <thiago.macieira@intel.com> | 2020-06-12 21:48:48 -0700 |
---|---|---|
committer | Thiago Macieira <thiago.macieira@intel.com> | 2020-09-10 09:24:19 +0000 |
commit | da77cfb4a60d8109abbd41b151c2dbf56cba25e8 (patch) | |
tree | 8971fdb3a72bc909e222185d1cbc009fad2ed2c1 /src/corelib/doc/snippets/code/src_corelib_io_qprocess.cpp | |
parent | ace19063cbb02eb0dc05d2c7f1dcb9a9207c7702 (diff) |
Doc: clean up the QProcess::setChildProcessModifier example
- Use nullptr instead of 0
- Pass directory to chroot that is not in /etc
- Set umask to a sensible value (0 is insecure)
Change-Id: I1dba29bc0f454df09ca1fffd161801257f9ccb3c
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Diffstat (limited to 'src/corelib/doc/snippets/code/src_corelib_io_qprocess.cpp')
-rw-r--r-- | src/corelib/doc/snippets/code/src_corelib_io_qprocess.cpp | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/corelib/doc/snippets/code/src_corelib_io_qprocess.cpp b/src/corelib/doc/snippets/code/src_corelib_io_qprocess.cpp index 5bbbd1b2cd..f6ea843ab6 100644 --- a/src/corelib/doc/snippets/code/src_corelib_io_qprocess.cpp +++ b/src/corelib/doc/snippets/code/src_corelib_io_qprocess.cpp @@ -96,12 +96,12 @@ void runSandboxed(const QString &name, const QStringList &arguments) proc.setChildProcessModifier([] { // Drop all privileges in the child process, and enter // a chroot jail. - ::setgroups(0, 0); - ::chroot("/etc/safe"); + ::setgroups(0, nullptr); + ::chroot("/run/safedir"); ::chdir("/"); ::setgid(safeGid); ::setuid(safeUid); - ::umask(0); + ::umask(077); }); proc.start(name, arguments); proc.waitForFinished(); |