<html>
    <head>
      <base href="https://bugs.webkit.org/">
    </head>
    <body>
      <p>
        <div>
            <b><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - [GTK][WPE] Add API to add paths to sandbox"
   href="https://bugs.webkit.org/show_bug.cgi?id=193571#c28">Comment # 28</a>
              on <a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - [GTK][WPE] Add API to add paths to sandbox"
   href="https://bugs.webkit.org/show_bug.cgi?id=193571">bug 193571</a>
              from <span class="vcard"><a class="email" href="mailto:youennf@gmail.com" title="youenn fablet <youennf@gmail.com>"> <span class="fn">youenn fablet</span></a>
</span></b>
        <pre>Comment on <span class="bz_obsolete"><a href="attachment.cgi?id=360011&action=diff" name="attach_360011" title="Patch">attachment 360011</a> <a href="attachment.cgi?id=360011&action=edit" title="Patch">[details]</a></span>
Patch

View in context: <a href="https://bugs.webkit.org/attachment.cgi?id=360011&action=review">https://bugs.webkit.org/attachment.cgi?id=360011&action=review</a>

<span class="quote">> Source/WebKit/ChangeLog:4
> +        <a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - [GTK][WPE] Add API to add paths to sandbox"
   href="show_bug.cgi?id=193571">https://bugs.webkit.org/show_bug.cgi?id=193571</a></span >

Can you describe the use cases for this API?
Which folders are to be sandboxed?

<span class="quote">> Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp:763
> +            sandboxArgs.appendVector(Vector<CString>({</span >

Do you need "({" or just one of these.

<span class="quote">> Source/WebKit/UIProcess/WebProcessPool.h:474
> +    void appendSandboxPath(const CString& path, SandboxPermission permission) { m_extraSandboxPaths.set(path, permission); };</span >

One usually append to a vector, not a map.
I would rename it to addSandboxPath and use 'add' instead of 'set' which is slightly cheaper.

<span class="quote">> Source/WebKit/UIProcess/WebProcessPool.h:475
> +    const HashMap<CString, SandboxPermission>& sandboxPaths() { return m_extraSandboxPaths; };</span >

Should be a const method.

<span class="quote">> Source/WebKit/UIProcess/glib/WebProcessProxyGLib.cpp:47
> +    launchOptions.extraSandboxPaths = m_processPool->sandboxPaths();</span >

The extra sandbox paths seem specific to web processes.
Should the name be made explicit with that regards?</pre>
        </div>
      </p>


      <hr>
      <span>You are receiving this mail because:</span>

      <ul>
          <li>You are the assignee for the bug.</li>
      </ul>
    </body>
</html>