[Webkit-unassigned] [Bug 219196] New: [GTK] Sandbox in Flatpak

Fri Nov 20 02:11:56 PST 2020

https://bugs.webkit.org/show_bug.cgi?id=219196

            Bug ID: 219196
           Summary: [GTK] Sandbox in Flatpak
           Product: WebKit
           Version: Other
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKitGTK
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcrha at redhat.com
                CC: bugs-noreply at webkitgtk.org

I suggest to disable sandbox (mimic WEBKIT_FORCE_SANBOX=0) when the application runs in a Flatpak sandbox. The current behavior just means to run a sandbox in a sandbox, which feels like an overhead. I know the "attacker" can get to the application data, but not to the system data, thus it should be fine. More or less.

I've got this idea after seeing a Flatpak-related downstream print bug report:
https://gitlab.gnome.org/GNOME/evolution/-/issues/1236

which you may or may not consider covered by the bug #202363.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20201120/4c08cf68/attachment.htm>