[sane-devel] Sandboxing scanner applications

Bastien Nocera hadess at hadess.net
Sat Sep 19 15:39:57 BST 2020

On Sat, 2020-09-19 at 14:42 +0300, Alexander Pevzner wrote:
> On 9/19/20 12:25 PM, Bastien Nocera wrote:
> > Sealed memfds, passed via D-Bus, that's 1/2GB in all :)
> If D-Bus can pass an arbitrary file descriptor, it can be used to
> pass 
> AF_UNIX socket, allowing usage of "network" transport without actual 
> access to networking,

I could, but I would have to write the initial D-Bus negotiation, I
would need to have saned always running, and this would just make it
more difficult overall.

I don't understand why you'd be telling me to write code to use saned
in a way that it wasn't designed for and the net backend when earlier
in the thread you told me that the SANE API didn't allow for ADF
detection or PDF scanning. So which is it? ;)

>  and saving 1/2GB of memfs :-)

You're the one that posited something completely wrong with regards to
memory usage. I can just as well send image data along with the
progress information so that we don't need to have a whole half-gig of
data in flight at one point :)

More information about the sane-devel mailing list