[Webkit-unassigned] [Bug 140075] New: [Linux] SeccompFilters: cannot open local files if network process is disabled
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sun Jan 4 22:20:12 PST 2015
https://bugs.webkit.org/show_bug.cgi?id=140075
Bug ID: 140075
Summary: [Linux] SeccompFilters: cannot open local files if
network process is disabled
Classification: Unclassified
Product: WebKit
Version: 528+ (Nightly build)
Hardware: PC
OS: Linux
Status: NEW
Severity: Normal
Priority: P2
Component: WebKit2
Assignee: webkit-unassigned at lists.webkit.org
Reporter: mcatanzaro at igalia.com
If the network process is disabled (e.g. by selecting the shared-secondary-process process model) then the web process will be used to load files from disk when the user accesses a file:// URI (either manually or through a browser's file chooser). But with seccomp filters enabled, the web process has no permission to open the file. We have a few different options:
* Disable the sandbox when the network process is disabled.
* Make the network process mandatory. (This is what Apple wants to do, anyway.)
* Implement runtime sandbox extensions, so the UI process can tell the seccomp broker to allow a trapped process access to additional files. Apple has sandbox extensions already working in the cross-platform code, but it would require significant modifications to the seccomp filters backend (see also bug #140062) so this may not be a short-term project.
Long-term, there is value in implementing sandbox extensions even if the network process is mandatory -- not for the web process, but for the network process, so that we can sandbox the network process as well.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20150105/b1d3f72f/attachment-0002.html>
More information about the webkit-unassigned
mailing list