[Webkit-unassigned] [Bug 239682] [GTK] Bubblewrap sandbox lacks support for pipewire

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Apr 23 08:28:11 PDT 2022 

https://bugs.webkit.org/show_bug.cgi?id=239682

--- Comment #1 from Michael Catanzaro <mcatanzaro at gnome.org> ---
Comment on attachment 458194
  --> https://bugs.webkit.org/attachment.cgi?id=458194
Patch: BubblewrapLauncher.cpp: Add paths required for pipewire

View in context: https://bugs.webkit.org/attachment.cgi?id=458194&action=review

Hi, can you please add a changelog entry using Tools/Scripts/prepare-ChangeLog? Then set the r? and cq? flags to request review and commit, respectively. Thanks for contributing to WebKit!

> Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp:308
> +    if(!pwRemote) {

if (!pwRemote) {

> Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp:316
> +    GUniquePtr<char> pwRuntimeFile(g_build_filename(pwRuntimeDir, pwRemote, nullptr));
> +    bindIfExists(args, pwRuntimeFile.get(), BindFlags::ReadWrite);

Well this can't be right, because pwRuntimeDir will generally be nullptr. We should only attempt to bind this location if pwRuntimeDir is set. But if it is, then we probably want to use it *instead* of xdgRuntimeDir, right?

> Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp:319
> +    GUniquePtr<char> xdgRuntimeFile(g_build_filename(xdgRuntimeDir, pwRemote, nullptr));
> +    bindIfExists(args, xdgRuntimeFile.get(), BindFlags::ReadWrite);
> +
> +    GUniquePtr<char> pwRuntimeFile(g_build_filename(pwRuntimeDir, pwRemote, nullptr));
> +    bindIfExists(args, pwRuntimeFile.get(), BindFlags::ReadWrite);
> +
> +    GUniquePtr<char> sysRuntimeFile(g_build_filename("/run/pipewire", pwRemote, nullptr));
> +    bindIfExists(args, sysRuntimeFile.get(), BindFlags::ReadWrite);

And /run/pipewire doesn't exist at all on my system. When does pipewire actually use this? There is always a valid XDG runtime dir even if the environment variable is unset, so I'm not sure why pipewire would ever fall back to this location.

Anyway, I think what you're trying to do is "bind the pipewire socket, wherever it exists," right? Probably we can implement the same lookup strategy used by pipewire itself? I notice that we can't copy from flatpak, because flatpak doesn't actually grant access to the pipewire socket. I suppose flatpak expects apps to go through the pulseaudio socket instead?

> Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp:778
>          // FIXME: We should move to Pipewire as soon as viable, Pulse doesn't restrict clients atm.
>          bindPulse(sandboxArgs);

Hi Patrick, is it possible to not do this if binding Pipewire is successful? Or do we need to check if Pipewire is running?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220423/dd18c48f/attachment-0001.htm>

More information about the webkit-unassigned mailing list