[Webkit-unassigned] [Bug 213174] New: MiniBtowser: can skip sandboxing without verbose warning

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Jun 13 15:58:34 PDT 2020 

https://bugs.webkit.org/show_bug.cgi?id=213174

            Bug ID: 213174
           Summary: MiniBtowser: can skip sandboxing without verbose
                    warning
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKitGTK
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: fedora at t.poki.me
                CC: bugs-noreply at webkitgtk.org

One of the surprise points about problem described in [bug 213148]
was a finding that the problem observed in WebKitGTK-under-Evolution
arrangement with GDK_BACKEND=wayland was _not_ observed with
WEBKIT_FORCE_SANDBOX=1 MiniBrowser -- fonts where always fine.

Only the explicit sandbox via bwrap wrapping triggered the same
type of issue, which indicates that the sandbox won't be established
even if explicitly asked (only perhaps unless all prerequisites
are satisifed).

That means that sandboxing is not (at least under some situations)
enabled!  While I see that MiniBox is more for testing and minimal
reproducers, some could have other expectations, and these could
believe they are protected with sandboxing while they are not.

I think this message logged in terminal indicates that no sandboxing
is in place:

> GApplication is required for xdg-desktop-portal access in the WebKit
> sandbox. Actions that require xdg-desktop-portal will be broken.

IMHO it should be double-checked, perhaps in sway WM without
gnome-settings-daemon or respective xsettings schema installed.

Also, at [bug 213148 comment 12], I proposed a visible distinguishing
of when sandboxing is _provably_ enabled vs. when not (in titlebar)
to make this status always crystal clear.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200613/6127aa33/attachment-0001.htm>

More information about the webkit-unassigned mailing list