[Webkit-unassigned] [Bug 190619] [GTK][WPE] Fix xdg-desktop-portal permissions from a sandbox
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Oct 16 09:18:04 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=190619
Michael Catanzaro <mcatanzaro at igalia.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mcatanzaro at igalia.com
Attachment #352457|review?, commit-queue? |review+, commit-queue-
Flags| |
--- Comment #2 from Michael Catanzaro <mcatanzaro at igalia.com> ---
Comment on attachment 352457
--> https://bugs.webkit.org/attachment.cgi?id=352457
[GTK][WPE] Fix xdg-desktop-portal permissions from a sandbox
View in context: https://bugs.webkit.org/attachment.cgi?id=352457&action=review
> Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp:43
> +static int createSealedMemFdWithData(const char *name, gconstpointer data, size_t size)
const char* name
> Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp:129
> + void setPermissions(Vector<CString>& permissions)
Vector<CString>&&
> Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp:132
> + m_permissions = permissions;
WTFMove(permissions)
> Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp:651
> + g_warning("GApplication is required for portal access");
This warning message should be a bit more detailed, so users understand what is actually wrong:
"GApplication is required for xdg-desktop-portal access in the WebKit sandbox. Actions that require xdg-desktop-portal will be broken. To fix this, create a GApplication."
or something along those lines.
> Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp:738
> + // xdg-desktop-portal defaults to assuming you are host application with
> + // full permissions unless it can identify you as a snap or flatpak.
> + // The easiest method is for us to pretend to be a flatpak and if that
> + // fails just blocking portals entirely as it just becomes a sandbox escape.
Is Alex OK with supporting this hackery? It's OK for now, but seems like not a great long-term solution.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20181016/520b9724/attachment.html>
More information about the webkit-unassigned
mailing list