Bug 256917

Summary:	[GLib] Re-enable bwrap sandbox in containers when supported
Product:	WebKit	Reporter:	Patrick Griffis <pgriffis>
Component:	WebKitGTK	Assignee:	Diego Pino <dpino>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	bugs-noreply, dpino
Priority:	P2
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified

Patrick Griffis

Reported 2023-05-17 13:53:55 PDT

This detects if bwrap actually works inside of a container instead of always disabling it.

Attachments
Add attachment proposed patch, testcase, etc.

Patrick Griffis

Comment 1 2023-05-17 13:57:18 PDT

Pull request: https://github.com/WebKit/WebKit/pull/13985

EWS

Comment 2 2023-05-18 03:36:13 PDT

Committed 264196@main (4c39f3875728): <https://commits.webkit.org/264196@main> Reviewed commits have been landed. Closing PR #13985 and removing active labels.

Diego Pino

Comment 3 2023-05-22 06:42:01 PDT

When building WPE for ARM64 inside a container I got the following error: ``` FAILED: Source/WTF/wtf/CMakeFiles/WTF.dir/glib/Sandbox.cpp.o /usr/bin/clang++-14 -DBUILDING_WEBKIT=1 -DBUILDING_WITH_CMAKE=1 -DBUILDING_WPE__=1 -DBUILDING_WTF -DGETTEXT_PACKAGE=\"WPE\" -DHAVE_CONFIG_H=1 -DJSC_GLIB_API_ENABLED -DPAS_BMALLOC=1 -DSTATICALLY_LINKED_WITH_bmalloc -I. -IWTF/DerivedSources -I../../../Source/WTF -I../../../Source/WTF/wtf -I../../../Source/WTF/wtf/dtoa -I../../../Source/WTF/wtf/fast_float -I../../../Source/WTF/wtf/persistence -I../../../Source/WTF/wtf/text -I../../../Source/WTF/wtf/text/icu -I../../../Source/WTF/wtf/threads -I../../../Source/WTF/wtf/unicode -Ibmalloc/Headers -isystem ../DependenciesWPE/Root/include/gio-unix-2.0 -isystem ../DependenciesWPE/Root/include/glib-2.0 -isystem ../DependenciesWPE/Root/lib/glib-2.0/include -fdiagnostics-color=always -fcolor-diagnostics -Wextra -Wall -pipe -Wno-noexcept-type -Wno-psabi -Wno-misleading-indentation -Wno-parentheses-equality -Qunused-arguments -Wundef -Wpointer-arith -Wmissing-format-attribute -Wformat-security -Wcast-align -Wno-tautological-compare -fno-strict-aliasing -fno-exceptions -fno-rtti -O3 -DNDEBUG -fPIC -fvisibility=hidden -fvisibility-inlines-hidden -pthread -std=c++2a -MD -MT Source/WTF/wtf/CMakeFiles/WTF.dir/glib/Sandbox.cpp.o -MF Source/WTF/wtf/CMakeFiles/WTF.dir/glib/Sandbox.cpp.o.d -o Source/WTF/wtf/CMakeFiles/WTF.dir/glib/Sandbox.cpp.o -c ../../../Source/WTF/wtf/glib/Sandbox.cpp ../../../Source/WTF/wtf/glib/Sandbox.cpp:49:13: error: use of undeclared identifier 'BWRAP_EXECUTABLE' BWRAP_EXECUTABLE, ``` Build flag ENABLE_BUBBLEWRAP_SANDBOX is OFF. I think access to BWRAP_EXECUTABLE in Sandbox.cpp needs to be guarded by ENABLE(BUBBLEWRAP_SANDBOX).

Diego Pino

Comment 4 2023-05-22 06:44:29 PDT

Re-opening for pull request https://github.com/webkit/webkit/pull/14177

EWS

Comment 5 2023-05-22 20:00:27 PDT

Committed 264395@main (4977290ab4ab): <https://commits.webkit.org/264395@main> Reviewed commits have been landed. Closing PR #14177 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.