[Webkit-unassigned] [Bug 188568] [GTK][WPE] Implement subprocess sandboxing
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sun Sep 2 09:44:28 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=188568
--- Comment #28 from Michael Catanzaro <mcatanzaro at igalia.com> ---
Comment on attachment 348659
--> https://bugs.webkit.org/attachment.cgi?id=348659
[GTK][WPE] Implement subprocess sandboxing
View in context: https://bugs.webkit.org/attachment.cgi?id=348659&action=review
>> Source/cmake/OptionsGTK.cmake:209
>> +endif ()
>
> Problem is the options list will print that it is enabled, even though it's not, since you change it after the list is finalized in WEBKIT_OPTION_END(). So this needs to be checked earlier:
>
> if (CMAKE_SYSTEM_NAME MATCHES "Linux" AND EXISTS "/.flatpak-info")
> WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_BUBBLEWRAP_SANDBOX PUBLIC ON)
> else ()
> WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_BUBBLEWRAP_SANDBOX PRIVATE OFF)
> endif ()
>
> Then you can do a fatal error at the top of the if (ENABLE_BUBBLEWRAP_SANDBOX) condition below here if (EXISTS "/.flatpak-info").
Also, since this is a lot of code that will need to be shared with OptionsWPE.cmake as well, please check how we handled this for GStreamer by splitting the code out into separate include files. (There are multiple include files because they need to be included in different places. E.g. options should not changed before WEBKIT_OPTION_END(), and must not be tested until after that point.)
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180902/75ff943b/attachment.html>
More information about the webkit-unassigned
mailing list