[Webkit-unassigned] [Bug 219010] [WPE][GTK] SleepDisabler does not inhibit sleep with bubblewrap sandbox enabled

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Nov 17 12:42:21 PST 2020


https://bugs.webkit.org/show_bug.cgi?id=219010

--- Comment #3 from Michael Catanzaro <mcatanzaro at gnome.org> ---
(In reply to Michael Catanzaro from comment #0)
> I'm bamboozled as to why the
> file is visible inside the sandbox, but is not there in the host's view of
> the sandbox.

I looked closer. It's there in the WebKitWebProcess sandbox, but xdg-desktop-portal doesn't look into the WebKitWebProcess's mount namespace: it looks into *xdg-dbus-proxy's* mount namespace. And that is running on the host.

The difference is that flatpak sandboxes xdg-dbus-proxy with bwrap, but we run xdg-dbus-proxy unsandboxed. That doesn't seem unreasonable, since xdg-dbus-proxy is trusted, but it seems xdg-desktop-portal relies on this to get the .flatpak-info.

That also resolves my confusion regarding how xdg-dbus-proxy can get UNIX credentials from the sandboxed process if it's only talking to its xdg-dbus-proxy rather than talking to it directly. It doesn't. ;)

-- 
You are receiving this mail because:
You are the assignee for the bug.
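
A diagnostic sketch of the situation described in the comment above, added here as an example and not part of the bug report or WebKit's code. It assumes xdg-desktop-portal identifies a sandboxed caller by reading `.flatpak-info` through `/proc/<pid>/root` of its D-Bus peer; the function names and the `PROC_ROOT` override are hypothetical.

```shell
#!/bin/sh
# Added example: check which process's mount namespace exposes .flatpak-info.
# PROC_ROOT is a hypothetical override so the logic can run on a constructed tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print the mount-namespace identity of a pid, e.g. "mnt:[4026531840]".
mnt_ns() {
    readlink "$PROC_ROOT/$1/ns/mnt"
}

# Succeed if .flatpak-info is visible at the root of the pid's filesystem view.
has_flatpak_info() {
    [ -f "$PROC_ROOT/$1/root/.flatpak-info" ]
}

# diagnose WEB_PID PROXY_PID
#   WEB_PID   - the sandboxed process (e.g. WebKitWebProcess)
#   PROXY_PID - the xdg-dbus-proxy that the portal actually sees as its peer
# Prints one verdict and returns 0 only when the proxy's root exposes the file:
#   ok                     proxy's root has .flatpak-info
#   proxy-outside-sandbox  only the sandboxed process sees it and the proxy
#                          lives in a different mount namespace
#   same-ns-different-root same namespace, but the roots differ (e.g. chroot)
#   no-flatpak-info        neither process sees the file
diagnose() {
    web=$1
    proxy=$2
    if has_flatpak_info "$proxy"; then
        echo ok
        return 0
    fi
    if has_flatpak_info "$web"; then
        if [ "$(mnt_ns "$web")" != "$(mnt_ns "$proxy")" ]; then
            echo proxy-outside-sandbox
        else
            echo same-ns-different-root
        fi
        return 1
    fi
    echo no-flatpak-info
    return 1
}

# Stand-alone use: ./check.sh WEB_PID PROXY_PID
if [ "$#" -ge 2 ]; then
    diagnose "$1" "$2"
fi
```

Reading another process's `/proc/<pid>/root` requires running as the same user (or root) with ptrace-level access to that process.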