Open cyphar opened 3 years ago
(Though at this point there is a valid question of "why not just chroot at that point".) Maybe we should be applying security hardenings like that if possible, and if not then we fall back to the current approach (trust that our path sanitisation is safe).
It would be interesting to see if we can auto-apply AppArmor profiles if we are running as a privileged user (after all, we are only ever going to be modifying files inside the unpack directory and there are a whole host of rights we aren't going to be using).
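The fallback the comment refers to, path sanitisation that keeps every unpacked path inside the unpack directory, as an added example (this is illustrative code, not the project's own or the author's; `SecureJoin` and its behaviour are assumptions). It walks the untrusted path one component at a time, treating the unpack root as if it were the filesystem root, so `..` and absolute symlink targets are clamped at the root rather than escaping it:

```go
package main

import (
	"errors"
	"os"
	"path/filepath"
	"strings"
)

// SecureJoin (assumed name) resolves untrusted relative to root, expanding
// symlinks lexically as if root were "/", so ".." and absolute link targets
// clamp at root. Components that do not exist yet are kept verbatim.
func SecureJoin(root, untrusted string) (string, error) {
	root = filepath.Clean(root)
	sep := string(filepath.Separator)
	resolved := sep // path inside the root, always starts at "/"
	remaining := untrusted
	for links := 0; remaining != ""; {
		var part string
		part, remaining, _ = strings.Cut(remaining, sep)
		switch part {
		case "", ".":
			continue
		case "..":
			resolved = filepath.Dir(resolved) // Dir("/") == "/", so it clamps
			continue
		}
		candidate := filepath.Join(resolved, part)
		fi, err := os.Lstat(filepath.Join(root, candidate))
		if err != nil || fi.Mode()&os.ModeSymlink == 0 {
			resolved = candidate // regular entry, or not created yet
			continue
		}
		if links++; links > 255 { // a link loop must not spin forever
			return "", errors.New("too many symlinks")
		}
		target, err := os.Readlink(filepath.Join(root, candidate))
		if err != nil {
			return "", err
		}
		if filepath.IsAbs(target) {
			resolved = sep // absolute link: restart at the unpack root
		}
		remaining = target + sep + remaining // splice target back in front
	}
	return filepath.Join(root, resolved), nil
}
```

Note that the check is only as good as the race window around it: if another process can rewrite a symlink between `Lstat` and the eventual `open`, the result can still be redirected, which is exactly why the comment considers chroot or AppArmor confinement in addition to the sanitisation.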