[Webkit-unassigned] [Bug 188568] [GTK][WPE] Implement subprocess sandboxing

bugzilla-daemon at webkit.org
Tue Sep 18 07:55:17 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=188568

--- Comment #55 from Michael Catanzaro <mcatanzaro at igalia.com> ---
(In reply to Carlos Garcia Campos from comment #53)
> > It's added in glibc 2.27, which is too recent. That's why it's better to call
> > syscall() than to use it via glibc.
> 
> But I guess __NR_memfd_create needs to be defined somewhere?

Good point. That's probably a good thing since it will lead to a build failure, rather than a runtime failure. We're surely not interested in supporting the sandbox in systems that lack __NR_memfd_create.

(In reply to Carlos Garcia Campos from comment #53)
> Ok, got it. Should we use NeverDestroyed then?

No, because then the proxy subprocess will never be killed when the UI process quits.

That said, good catch, we have exit-time destructors here still. It will need to be refactored to avoid that... somehow.
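
The approach discussed above, calling syscall() with __NR_memfd_create instead of relying on the glibc 2.27 wrapper, as an added example that is not part of the original message or of WebKit's code. The helper names and the sample payload are hypothetical; a missing __NR_memfd_create stops the build instead of failing at run time.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/memfd.h>  /* MFD_CLOEXEC from the kernel headers, not glibc */
#include <string.h>
#include <sys/syscall.h>  /* __NR_memfd_create, when the headers provide it */
#include <unistd.h>

#ifndef __NR_memfd_create
#error "__NR_memfd_create is undefined: these headers cannot build this path"
#endif

/* Hypothetical helper: raw syscall, so no memfd_create() wrapper is needed. */
static int raw_memfd_create(const char *name, unsigned int flags)
{
    return (int)syscall(__NR_memfd_create, name, flags);
}

/* Copy len bytes into a new close-on-exec memfd and rewind it.
 * Returns the descriptor, or -1 on failure (a short write counts as failure). */
int memfd_from_buffer(const char *name, const void *data, size_t len)
{
    int fd = raw_memfd_create(name, MFD_CLOEXEC);
    if (fd < 0)
        return -1;
    if (write(fd, data, len) != (ssize_t)len
        || lseek(fd, 0, SEEK_SET) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed sample payload: write it, read it back, check close-on-exec. */
int memfd_roundtrip_ok(void)
{
    static const char sample[] = "constructed sample payload";
    char back[sizeof sample] = {0};
    int fd = memfd_from_buffer("example", sample, sizeof sample);
    if (fd < 0)
        return 0;
    int ok = (fcntl(fd, F_GETFD) & FD_CLOEXEC) != 0
          && read(fd, back, sizeof back) == (ssize_t)sizeof sample
          && memcmp(back, sample, sizeof sample) == 0;
    close(fd);
    return ok;
}

int main(void) { return memfd_roundtrip_ok() ? 0 : 1; }
```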
