Bug 219196
| Summary: | [GTK] Sandbox in Flatpak | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Milan Crha <mcrha> |
| Component: | WebKitGTK | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED WONTFIX | | |
| Severity: | Normal | CC: | bugs-noreply, mcatanzaro |
| Priority: | P2 | | |
| Version: | Other | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
Milan Crha
I suggest disabling the sandbox (mimicking WEBKIT_FORCE_SANDBOX=0) when the application runs in a Flatpak sandbox. The current behavior just means running a sandbox in a sandbox, which feels like an overhead. I know the "attacker" can get to the application data, but not to the system data, thus it should be fine. More or less.
I've got this idea after seeing a Flatpak-related downstream print bug report:
https://gitlab.gnome.org/GNOME/evolution/-/issues/1236
which you may or may not consider covered by the bug #202363.
Michael Catanzaro
The nested sandbox is intentional. Having only top-level sandboxing isn't enough because you run web content from multiple origins in a web browser, and those origins are expected to compromise the web process and try to hack each other.
The overhead should be pretty minimal. I know it's not necessary for Evolution, but it is needed in general.