[Webkit-unassigned] [Bug 188568] [GTK][WPE] Implement subprocess sandboxing
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Aug 17 09:39:20 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=188568
--- Comment #14 from Michael Catanzaro <mcatanzaro at igalia.com> ---
(In reply to Patrick Griffis from comment #13)
> Michael said it was reasonable to focus on Pulseaudio (at least in context
> of GTK).
>
> The reality is that Pulseaudio is no safer than raw ALSA atm (Pipewire will
> be our
> savior perhaps) so I guess its fine to add raw dev access.
I don't know about /dev/snd.
Talking with Patrick, it sounds like the PulseAudio support is a huge hole in the sandbox that will definitely need to be removed once Pipewire is ready to obsolete it. I don't know if there's some way to detect at runtime whether we need to give access to Pulse or not; I guess that logic is buried deep in GStreamer?
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180817/2db25e7c/attachment.html>
More information about the webkit-unassigned
mailing list