[Webkit-unassigned] [Bug 213148] WEBKIT_FORCE_SANDBOX (bwrap) needs to consider /etc/fonts (and possibly other fontconfig locations)
bugzilla-daemon at webkit.org
Sat Jun 13 07:08:51 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=213148
Jan Pokorný [poki] <fedora at t.poki.me> changed:
        What|Removed                     |Added
----------------------------------------------------------------------------
      Status|RESOLVED                    |REOPENED
  Resolution|INVALID                     |---
--- Comment #2 from Jan Pokorný [poki] <fedora at t.poki.me> ---
For the record, running MiniBrowser alone does _not_
appear to be equivalent to isolating this case further,
starting with said Evolution usage:
> GApplication is required for xdg-desktop-portal access
> in the WebKit sandbox
Indeed, fonts are always rendered just fine with
GDK_BACKEND=wayland WEBKIT_FORCE_SANDBOX=1
The following is much closer and _will_ actually manifest
the problem:
GDKWEBKIT_FORCE_SANDBOX=0 bwrap --bind /run/user/1000/bus /run/user/1000/bus --bind .flatpak-info /.flatpak-info --args 0 /usr/libexec/webkit2gtk-4.0/MiniBrowser
$ < bwrap-args \
WEBKIT_FORCE_SANDBOX=0 GDK_BACKEND=wayland \
bwrap --bind /run/user/$(id -u)/bus /run/user/$(id -u)/bus \
--bind bwrap-flatpak-info /.flatpak-info \
--args 0 \
/usr/libexec/webkit2gtk-4.0/MiniBrowser
where:
- bwrap-args:
$ { cat | tr '\n' '\0'; } > bwrap-args <<EOF
--die-with-parent
--unshare-pid
--unshare-uts
--unshare-net
--ro-bind
/usr/bin
/usr/local/bin
--ro-bind
/etc
/etc
--dev
/dev
--proc
/proc
--tmpfs
/tmp
--unsetenv
TMPDIR
--dir
/run
--symlink
../run
/var/run
--symlink
../tmp
/var/tmp
--ro-bind
/sys/block
/sys/block
--ro-bind
/sys/bus
/sys/bus
--ro-bind
/sys/class
/sys/class
--ro-bind
/sys/dev
/sys/dev
--ro-bind
/sys/devices
/sys/devices
--ro-bind-try
/usr/share
/usr/share
--ro-bind-try
/usr/local/share
/usr/local/share
--ro-bind-try
/usr/share
/usr/share
--ro-bind-try
/lib
/lib
--ro-bind-try
/usr/lib
/usr/lib
--ro-bind-try
/usr/local/lib
/usr/local/lib
--ro-bind-try
/usr/lib64
/usr/lib64
--ro-bind-try
/lib64
/lib64
--ro-bind-try
/usr/lib64
/usr/lib64
--ro-bind-try
/usr/local/lib64
/usr/local/lib64
--ro-bind-try
/usr/libexec/webkit2gtk-4.0
/usr/libexec/webkit2gtk-4.0
--ro-bind
/usr/lib/systemd/resolv.conf
/usr/lib/systemd/resolv.conf
--ro-bind
/usr/share/zoneinfo/Europe/Prague
/usr/share/zoneinfo/Europe/Prague
--bind-try
/run/user/$(id -u)/$WAYLAND_DISPLAY
/run/user/$(id -u)/$WAYLAND_DISPLAY
--unshare-ipc
--bind-try
/home/$(id -un)/.cache/webkitgtk/applications
/home/$(id -un)/.cache/webkitgtk/applications
--bind-try
/home/$(id -un)/.local/share/webkitgtk/mediakeys
/home/$(id -un)/.local/share/webkitgtk/mediakeys
--bind-try
/home/$(id -un)/.local/share/webkitgtk/databases
/home/$(id -un)/.local/share/webkitgtk/databases
--bind-try
/run/user/$(id -u)/pulse
/run/user/$(id -u)/pulse
--ro-bind-try
/home/$(id -un)/.config/pulse
/home/$(id -un)/.config/pulse
--ro-bind-try
/home/$(id -un)/.pulse
/home/$(id -un)/.pulse
--ro-bind-try
/home/$(id -un)/.asoundrc
/home/$(id -un)/.asoundrc
--dev-bind-try
/dev/snd
/dev/snd
--ro-bind-try
/home/$(id -un)/.config/fontconfig
/home/$(id -un)/.config/fontconfig
--ro-bind-try
/home/$(id -un)/.fontconfig
/home/$(id -un)/.fontconfig
--bind-try
/home/$(id -un)/.cache/fontconfig
/home/$(id -un)/.cache/fontconfig
--ro-bind-try
/home/$(id -un)/.fonts.conf
/home/$(id -un)/.fonts.conf
--ro-bind-try
/home/$(id -un)/.config/.fonts.conf.d
/home/$(id -un)/.config/.fonts.conf.d
--ro-bind-try
/home/$(id -un)/.local/share/fonts
/home/$(id -un)/.local/share/fonts
--ro-bind-try
/home/$(id -un)/.fonts
/home/$(id -un)/.fonts
--ro-bind-try
/var/cache/fontconfig
/var/cache/fontconfig
--ro-bind-try
/home/$(id -un)/.local/share/gstreamer-1.0
/home/$(id -un)/.local/share/gstreamer-1.0
--bind-try
/home/$(id -un)/.cache/gstreamer-1.0
/home/$(id -un)/.cache/gstreamer-1.0
--ro-bind-try
/usr/libexec/gstreamer-1.0/gst-plugin-scanner
/usr/libexec/gstreamer-1.0/gst-plugin-scanner
--ro-bind-try
/usr/libexec/gst-install-plugins-helper
/usr/libexec/gst-install-plugins-helper
--dev-bind-try
/dev/dri
/dev/dri
--dev-bind-try
/dev/mali
/dev/mali
--dev-bind-try
/dev/mali0
/dev/mali0
--dev-bind-try
/dev/umplock
/dev/umplock
--dev-bind-try
/dev/nvidiactl
/dev/nvidiactl
--dev-bind-try
/dev/nvidia0
/dev/nvidia0
--dev-bind-try
/dev/nvidia
/dev/nvidia
--dev-bind-try
/dev/kgsl-3d0
/dev/kgsl-3d0
--dev-bind-try
/dev/ion
/dev/ion
--dev-bind-try
/dev/v4l
/dev/v4l
--dev-bind-try
/dev/video0
/dev/video0
--dev-bind-try
/dev/video1
/dev/video1
--ro-bind-try
/home/$(id -un)/.config/gtk-3.0
/home/$(id -un)/.config/gtk-3.0
--ro-bind-try
/home/$(id -un)/.local/share/themes
/home/$(id -un)/.local/share/themes
--ro-bind-try
/home/$(id -un)/.themes
/home/$(id -un)/.themes
--ro-bind-try
/home/$(id -un)/.icons
/home/$(id -un)/.icons
EOF
*** apparently, some tweaks may be needed,
e.g. for another video device
- bwrap-flatpak-info:
$ > bwrap-flatpak-info cat <<EOF
[Application]
name=org.test.MiniBrowser
EOF
May I keep this open till the mechanics of the problem
are nailed down?
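
An added example, not part of the original comment or of WebKit's code: a small auditor for a NUL-separated --args file like the one above, reporting which bwrap option decides what the sandbox sees at a given path, such as the fontconfig locations named in the bug title. The sample input is a constructed, shortened args list with the hypothetical user name "user", and /opt/fonts is a hypothetical path; the "-try" variants only take effect when the source exists on the host, which this offline check cannot know.

```python
import posixpath
# Operand counts for the bwrap(1) options used in the args file above.
ARITY = {
    "--bind": 2, "--bind-try": 2, "--ro-bind": 2, "--ro-bind-try": 2,
    "--dev-bind": 2, "--dev-bind-try": 2, "--symlink": 2,
    "--dev": 1, "--proc": 1, "--tmpfs": 1, "--dir": 1, "--unsetenv": 1,
    "--die-with-parent": 0, "--unshare-pid": 0, "--unshare-uts": 0,
    "--unshare-net": 0, "--unshare-ipc": 0,
}
# Options whose last operand is a path created or mounted inside the sandbox.
PROVIDES = {o for o, n in ARITY.items() if n} - {"--symlink", "--unsetenv"}

def parse_args(blob):
    """Split a NUL-separated --args blob into (option, operands) pairs."""
    tokens = [t.decode() for t in blob.split(b"\0") if t]
    ops, i = [], 0
    while i < len(tokens):
        opt, n = tokens[i], ARITY.get(tokens[i])
        if n is None:
            raise ValueError(f"unexpected token {opt!r} at position {i}")
        operands = tokens[i + 1:i + 1 + n]
        if len(operands) != n:
            raise ValueError(f"{opt} is missing an operand")
        ops.append((opt, operands))
        i += 1 + n
    return ops

def resolve(ops, path):
    """Return (option, host_path) for the operation deciding what the sandbox
    sees at path, or None. Later operations win; symlinks are not followed."""
    hit = None
    for opt, operands in ops:
        dest = operands[-1] if opt in PROVIDES else None
        if dest and posixpath.commonpath([dest, path]) == posixpath.normpath(dest):
            src = operands[0] if len(operands) == 2 else None
            rel = posixpath.relpath(path, dest)
            hit = (opt, posixpath.normpath(posixpath.join(src, rel)) if src else None)
    return hit

def audit(blob, paths):
    ops = parse_args(blob)
    return {p: resolve(ops, p) for p in paths}

# Constructed sample: shortened args list, hypothetical user name "user".
SAMPLE = "\0".join([
    "--die-with-parent", "--ro-bind", "/etc", "/etc", "--tmpfs", "/tmp",
    "--dir", "/run", "--ro-bind-try", "/usr/share", "/usr/share",
    "--bind-try", "/home/user/.cache/fontconfig", "/home/user/.cache/fontconfig",
    "--ro-bind-try", "/var/cache/fontconfig", "/var/cache/fontconfig",
]).encode()
```

To audit a real file, pass its bytes to audit() together with the paths of interest; any option missing from ARITY is rejected as an unexpected token rather than silently skipped.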