rusty-snake

Commenting here from a "user" perspective ([crablock](https://codeberg.org/crabjail/crablock)). Restricting `W&X` has three domains. 1. **memory**. Creating `W&X` memory with `mmap`/`mprotect`-family can be blocked with `prctl(PR_SET_MDWE, PR_MDWE_REFUSE_EXEC_GAIN)`. 2. **filesystem**. Accessing filesystems in...

> Hacky workaround Triple tap, much faster.

Testing this moved me to a crash loop again, yeah. Details ``` type: crash osVersion: google/oriole/oriole:15/AP4A.241205.013/2024121200:user/release-keys package: de.westnordost.streetcomplete.expert:6003, targetSdk 34 process: de.westnordost.streetcomplete.expert processUptime: 875 + 206 ms installer: dev.imranr.obtainium java.lang.NumberFormatException:...

Ok, somehow managed it out of it. Switching custom overlays works.

You must have mean Accroissant in your title ;) For me it updated the icon w/o cleaning storage after some time.

Sure that is fails on `Idconfig` and not `ldconfig`? Can you run `flatpak run --command=echo com.github.tchx84.Flatseal 'Hello'`. Does it fail too? Do other flatpaks work?

1. Mountinfo can be blocked by not mounting any procfs and installing a seccomp filter that blocks `statmount`/`listmount`. 2. Commandline can be hidden by using `--args`.

> Is there another way to strip such information? Since mountinfo is per process, you can not use `subset=pid` or equivalents. Maybe you can mess with SELinux, fanotify, seccomp_unotify. However...