Further improvements to default web process policy
Created attachment 249284 [details] [Linux] Improvements to SyscallPolicy
OK Zan, last bug for now!
Created attachment 257685 [details] Patch
Comment on attachment 257685 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=257685&action=review > Source/WebKit2/Shared/linux/SeccompFilters/SyscallPolicy.cpp:264 > + char* gstreamerPluginDirectory = getenv("GST_PLUGIN_PATH_1_0"); > + if (gstreamerPluginDirectory) > + addDirectoryPermission(gstreamerPluginDirectory, Read); > + char* gstreamerRegistryFile = getenv("GST_REGISTRY_1_0"); > + if (gstreamerRegistryFile) > + addFilePermission(gstreamerRegistryFile, ReadAndWrite); Consider if (char* envVariable = getenv("name")) addFilePermission(envVariable, ...);
OK. Is that new in C++11, or have you always been able to do that? I saw it for the first time last year and keep forgetting that it's possible.
Committed r187547: <http://trac.webkit.org/changeset/187547>
(In reply to comment #5) > OK. Is that new in C++11, or have you always been able to do that? I saw it > for the first time last year and keep forgetting that it's possible. It's older than C++11. Not sure about 'always'.