[Webkit-unassigned] [Bug 193571] [GTK][WPE] Add API to add paths to sandbox
bugzilla-daemon at webkit.org
Fri Jan 25 07:34:31 PST 2019
https://bugs.webkit.org/show_bug.cgi?id=193571
--- Comment #39 from Michael Catanzaro <mcatanzaro at igalia.com> ---
(In reply to youenn fablet from comment #32)
> That leads to the question whether this API is a temporary solution to ease
> migrating apps to being sandboxed or if it will have more permanent usage.
It's permanent. Currently our sandbox strictly limits the paths that are allowed: anything under the standard XDG data dirs/prgname, e.g.:
~/.cache/epiphany
~/.config/epiphany
~/.local/share/epiphany
which is simultaneously too restrictive AND too permissive. E.g. in Epiphany we need to be able to whitelist temporary profiles under /tmp, which look like:
/tmp/epiphany-mcatanzaro-fPO5Qw
The only way to make that work currently would be for WebKit to unconditionally whitelist all of /tmp, which is no good, or for Epiphany to move them under /tmp/epiphany and then WebKit could whitelist /tmp/prgname, which is still too permissive because then unrelated Epiphany web processes will be able to see each other's data. So we can't really enable the sandbox until we have a fine-grained way to specify what paths exactly should be mounted inside the sandbox. With this API, mounting just /tmp/epiphany-mcatanzaro-fPO5Qw is no problem. And we can segregate profile data under ~/.cache and ~/.local/share such that web processes of separate instances can't see each other's data.
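The trade-off in the comment above, modelled as an added example that is not WebKit's or Epiphany's code: a path-containment check over a sandbox mount whitelist, evaluated against the three policies Michael describes (all of /tmp, /tmp/prgname, or exactly one profile directory). The sibling profile name and the cookies file name are constructed for the sample.

```python
import os


def is_visible(path: str, mounts) -> bool:
    """Return True if `path` lies inside one of the directories mounted
    into the sandbox.  Paths are normalised first so '..' components
    cannot escape a mount, and containment is checked component-wise
    (not with a string prefix test, which would let
    /tmp/foo-evil match a mount of /tmp/foo).  Symlinks are not resolved."""
    target = os.path.abspath(path)
    for mount in mounts:
        root = os.path.abspath(mount)
        if os.path.commonpath([root, target]) == root:
            return True
    return False


# Profile directory taken from the comment, plus a constructed sibling
# belonging to a second, unrelated Epiphany instance of the same user.
OWN_PROFILE = "/tmp/epiphany-mcatanzaro-fPO5Qw"
OTHER_PROFILE = "/tmp/epiphany-mcatanzaro-Zx91Ab"  # constructed

# The three whitelist policies discussed in the comment.
WHITELIST_ALL_TMP = ["/tmp"]            # unconditionally expose /tmp
WHITELIST_PRGNAME = ["/tmp/epiphany"]   # profiles moved to /tmp/epiphany/<id>
WHITELIST_EXACT = [OWN_PROFILE]         # what a per-path API makes possible


def other_instance_visible(mounts, other_profile=OTHER_PROFILE) -> bool:
    """True if a web process confined to `mounts` could read data belonging
    to a different browser instance (the cookies file name is constructed)."""
    return is_visible(os.path.join(other_profile, "cookies.sqlite"), mounts)


if __name__ == "__main__":
    for name, policy in [("all of /tmp", WHITELIST_ALL_TMP),
                         ("/tmp/prgname", WHITELIST_PRGNAME),
                         ("exact profile", WHITELIST_EXACT)]:
        print(f"{name:14s} own profile readable: "
              f"{is_visible(OWN_PROFILE, policy)}, "
              f"sibling readable: {other_instance_visible(policy)}")
```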