201486 – [GTK][WPE] Do not enable the sandbox in Snap

Bug 201486 - [GTK][WPE] Do not enable the sandbox in Snap

Summary: [GTK][WPE] Do not enable the sandbox in Snap

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKitGTK (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Patrick Griffis

URL:
Keywords:

Depends on:
Blocks:	201793
	Show dependency tree / graph

Reported:	2019-09-04 19:32 PDT by Patrick Griffis
Modified:	2019-09-14 03:41 PDT (History)
CC List:	4 users (show)

See Also:

Attachments
Patch (1.99 KB, patch) 2019-09-04 19:34 PDT, Patrick Griffis	no flags	Details \| Formatted Diff \| Diff
Patch (2.27 KB, patch) 2019-09-05 13:29 PDT, Patrick Griffis	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Patrick Griffis 2019-09-04 19:32:45 PDT

[GTK][WPE] Do not enable the sandbox in Snap

Comment 1 Patrick Griffis 2019-09-04 19:34:51 PDT

Created attachment 378039 [details]
Patch

Comment 2 Carlos Garcia Campos 2019-09-05 01:32:59 PDT

Comment on attachment 378039 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=378039&action=review

> Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp:65
> +    static int ret = -1;

Use Optional<bool> instead.

> Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp:69
> +    ret = g_getenv("SNAP") != nullptr;

Do not compare to nullptr.

Comment 3 Michael Catanzaro 2019-09-05 05:35:27 PDT

Comment on attachment 378039 [details]
Patch

And now we have a secret little envvar we can use to disable the sandbox for testing, that nobody  else will likely be tempted to use. Cool.

Comment 4 Patrick Griffis 2019-09-05 13:29:39 PDT

Created attachment 378111 [details]
Patch

Comment 5 Patrick Griffis 2019-09-05 13:30:42 PDT

(In reply to Michael Catanzaro from comment #3)
> Comment on attachment 378039 [details]
> Patch
> 
> And now we have a secret little envvar we can use to disable the sandbox for
> testing, that nobody  else will likely be tempted to use. Cool.

WEBKIT_FORCE_SANDBOX=0 was already a thing.

Comment 6 Carlos Garcia Campos 2019-09-06 01:15:31 PDT

(In reply to Patrick Griffis from comment #5)
> (In reply to Michael Catanzaro from comment #3)
> > Comment on attachment 378039 [details]
> > Patch
> > 
> > And now we have a secret little envvar we can use to disable the sandbox for
> > testing, that nobody  else will likely be tempted to use. Cool.
> 
> WEBKIT_FORCE_SANDBOX=0 was already a thing.

I'm not sure that's checked at the right place, though. WebProcesdsPool::sandboxEnabled() will still return true.

Comment 7 WebKit Commit Bot 2019-09-06 02:00:11 PDT

Comment on attachment 378111 [details]
Patch

Clearing flags on attachment: 378111

Committed r249569: <https://trac.webkit.org/changeset/249569>

Comment 8 WebKit Commit Bot 2019-09-06 02:00:12 PDT

All reviewed patches have been landed.  Closing bug.