RESOLVED FIXED 256917
[GLib] Re-enable bwrap sandbox in containers when supported 
https://bugs.webkit.org/show_bug.cgi?id=256917
Summary [GLib] Re-enable bwrap sandbox in containers when supported
Patrick Griffis
Reported 2023-05-17 13:53:55 PDT
This detects if bwrap actually works inside of a container instead of always disabling it.
Attachments
Add attachment proposed patch, testcase, etc.
Patrick Griffis
Comment 1 2023-05-17 13:57:18 PDT
Pull request: https://github.com/WebKit/WebKit/pull/13985
EWS
Comment 2 2023-05-18 03:36:13 PDT
Committed 264196@main (4c39f3875728): <https://commits.webkit.org/264196@main> Reviewed commits have been landed. Closing PR #13985 and removing active labels.
Diego Pino
Comment 3 2023-05-22 06:42:01 PDT
When building WPE for ARM64 inside a container I got the following error: ``` FAILED: Source/WTF/wtf/CMakeFiles/WTF.dir/glib/Sandbox.cpp.o /usr/bin/clang++-14 -DBUILDING_WEBKIT=1 -DBUILDING_WITH_CMAKE=1 -DBUILDING_WPE__=1 -DBUILDING_WTF -DGETTEXT_PACKAGE=\"WPE\" -DHAVE_CONFIG_H=1 -DJSC_GLIB_API_ENABLED -DPAS_BMALLOC=1 -DSTATICALLY_LINKED_WITH_bmalloc -I. -IWTF/DerivedSources -I../../../Source/WTF -I../../../Source/WTF/wtf -I../../../Source/WTF/wtf/dtoa -I../../../Source/WTF/wtf/fast_float -I../../../Source/WTF/wtf/persistence -I../../../Source/WTF/wtf/text -I../../../Source/WTF/wtf/text/icu -I../../../Source/WTF/wtf/threads -I../../../Source/WTF/wtf/unicode -Ibmalloc/Headers -isystem ../DependenciesWPE/Root/include/gio-unix-2.0 -isystem ../DependenciesWPE/Root/include/glib-2.0 -isystem ../DependenciesWPE/Root/lib/glib-2.0/include -fdiagnostics-color=always -fcolor-diagnostics -Wextra -Wall -pipe -Wno-noexcept-type -Wno-psabi -Wno-misleading-indentation -Wno-parentheses-equality -Qunused-arguments -Wundef -Wpointer-arith -Wmissing-format-attribute -Wformat-security -Wcast-align -Wno-tautological-compare -fno-strict-aliasing -fno-exceptions -fno-rtti -O3 -DNDEBUG -fPIC -fvisibility=hidden -fvisibility-inlines-hidden -pthread -std=c++2a -MD -MT Source/WTF/wtf/CMakeFiles/WTF.dir/glib/Sandbox.cpp.o -MF Source/WTF/wtf/CMakeFiles/WTF.dir/glib/Sandbox.cpp.o.d -o Source/WTF/wtf/CMakeFiles/WTF.dir/glib/Sandbox.cpp.o -c ../../../Source/WTF/wtf/glib/Sandbox.cpp ../../../Source/WTF/wtf/glib/Sandbox.cpp:49:13: error: use of undeclared identifier 'BWRAP_EXECUTABLE' BWRAP_EXECUTABLE, ``` Build flag ENABLE_BUBBLEWRAP_SANDBOX is OFF. I think access to BWRAP_EXECUTABLE in Sandbox.cpp needs to be guarded by ENABLE(BUBBLEWRAP_SANDBOX).
Diego Pino
Comment 4 2023-05-22 06:44:29 PDT
Re-opening for pull request https://github.com/webkit/webkit/pull/14177
EWS
Comment 5 2023-05-22 20:00:27 PDT
Committed 264395@main (4977290ab4ab): <https://commits.webkit.org/264395@main> Reviewed commits have been landed. Closing PR #14177 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.