[Webkit-unassigned] [Bug 191360] [GTK][WPE] Bubblewrap launcher should not depend on memfd
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Nov 9 09:30:55 PST 2018
https://bugs.webkit.org/show_bug.cgi?id=191360
--- Comment #12 from Patrick Griffis <pgriffis at igalia.com> ---
(In reply to Michael Catanzaro from comment #11)
> But I don't understand. How can you escape the sandbox? The trusted UI
> process creates the fd, stuffs arguments into it, launches the bwrap
> process, and then bwrap reads them from the fd before launching the
> untrusted process. Right? I don't see why it has to be read-only.
Well I've not tested it yet, but `/.flatpak-info` is read at various points during runtime and what it contains determines what `xdg-desktop-portal` exposes. So it does need to be read-only.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20181109/762fd1c6/attachment.html>
More information about the webkit-unassigned
mailing list