[Webkit-unassigned] [Bug 188568] [GTK][WPE] Implement subprocess sandboxing
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Oct 1 03:00:27 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=188568
--- Comment #88 from Patrick Griffis <pgriffis at igalia.com> ---
(In reply to youenn fablet from comment #85)
> Comment on attachment 350781 [details]
> [GTK][WPE] Implement subprocess sandboxing
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=350781&action=review
>
> > Source/WebKit/UIProcess/Launcher/ProcessLauncher.h:74
> > +#endif
>
> Why not using extraInitializationData instead?
Well we need a list of strings and a bool, probably wouldn't want to shove those in a string.
> > Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h:158
> > + const String& resolvedLocalStorageDirectory() const { return m_resolvedConfiguration.localStorageDirectory; }
>
> resolvedLocalStorageDirectory() does not seem used anywhere.
Fixed.
>
> > Source/WebKit/UIProcess/glib/NetworkProcessProxyGLib.cpp:35
> > + launchOptions.extraSandboxPaths.append(store.resolvedNetworkCacheDirectory());
>
> Do you need this at the moment of creating the process?
> Or can the UIProcess pass a sandbox extension to the NetworkProcess at a
> later point?
>
> One potential issue is that the NetworkProcess might need to handle several
> sessions, hence several WebsiteDataStores, hence several network cache
> directories.
We discussed this a bit but yes all paths are required at launch time and cannot be modified after.
For now we will just assert everything needed is set up ahead of time.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20181001/8021b2b5/attachment.html>
More information about the webkit-unassigned
mailing list