On Thu, 2016-03-24 at 00:38 +0200, Ahmed S. Darwish wrote:
> A benefit for transforming the global mempool to memfds by
> default now is that a follow-up patch can be quickly developed
> to statically remove POSIX SHM support through a
> --disable-posix-shm configure flag.
>
> Doing so, we can build a memfd-only libpulse version that can be
> bundled in xdg-app runtimes going forward .. [1] [2]

What's the purpose of disabling posix-shm in xdg-app runtimes? If the
purpose is to prevent applications from doing malicious things, nothing
prevents the application from bundling its own version of libpulse.
Security is only achieved by blocking posix-shm in the server.

--
Tanu