Bug 227343

Summary:

[GTK] MiniBrowser: add an option to enable the web process sandbox

Product:

WebKit

Reporter:

Carlos Garcia Campos <cgarcia>

Component:

WebKitGTK

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

bugs-noreply, mcatanzaro

Priority:

Keywords:

Gtk

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	mcatanzaro: review+

Description Carlos Garcia Campos 2021-06-24 02:36:48 PDT

Comment 1 Carlos Garcia Campos 2021-06-24 02:38:05 PDT

Created attachment 432143 [details]
Patch

Comment 2 Michael Catanzaro 2021-06-24 08:46:28 PDT

Comment on attachment 432143 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=432143&action=review

> Tools/MiniBrowser/gtk/main.c:149
> +    { "enable-sandbox", 0, 0, G_OPTION_ARG_NONE, &enableSandbox, "Enable web process sandbox support", NULL },

Ideally it would be on by default, to have the best chance of avoiding mistakes like developing new features that are incompatible with the sandbox (it has happened recently). I guess the sandbox will probably break layout tests if we're not careful, though. And I know you want to avoid waiting for D-Bus registration when running layout tests.

So I would flip it to disable-sandbox, if possible.

> Tools/MiniBrowser/gtk/main.c:682
> +        if (!webkit_website_data_manager_is_ephemeral(manager)) {
> +            webkit_web_context_add_path_to_sandbox(webContext, webkit_website_data_manager_get_base_data_directory(manager), TRUE);
> +            webkit_web_context_add_path_to_sandbox(webContext, webkit_website_data_manager_get_base_cache_directory(manager), TRUE);
> +        }

Um, I thought this was supposed to be done automatically, but I can't find any code for it, so I guess it has to be manual. :/

Comment 3 Michael Catanzaro 2021-06-24 10:03:44 PDT

(In reply to Michael Catanzaro from comment #2)
> So I would flip it to disable-sandbox, if possible.

If you do this, then we can also close bug #213174.

> > Tools/MiniBrowser/gtk/main.c:682
> > +        if (!webkit_website_data_manager_is_ephemeral(manager)) {
> > +            webkit_web_context_add_path_to_sandbox(webContext, webkit_website_data_manager_get_base_data_directory(manager), TRUE);
> > +            webkit_web_context_add_path_to_sandbox(webContext, webkit_website_data_manager_get_base_cache_directory(manager), TRUE);
> > +        }
> 
> Um, I thought this was supposed to be done automatically, but I can't find
> any code for it, so I guess it has to be manual. :/

Discussing this with Patrick, we think these should not be needed. Does something break if you don't add them? It might be a bug.

Comment 4 Carlos Garcia Campos 2021-06-28 05:41:14 PDT

Committed r279337 (239205@main): <https://commits.webkit.org/239205@main>