WebKit Bugzilla
Attachment 373351 Details for Bug 199416: [WPE][GTK] Remove flatpak sandbox
Patch: bug-199416-20190702121357.patch (text/plain), 9.86 KB, created by Patrick Griffis on 2019-07-02 12:13:58 PDT
>Subversion Revision: 246826 >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index c939e7662778cc2b3c75b642691a109fc47c2e81..810559612d5f376f9c81348cbc4413748b3dca9b 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,26 @@ >+2019-07-02 Patrick Griffis <pgriffis@igalia.com> >+ >+ [GTK][WPE] Remove Flatpak sandbox >+ https://bugs.webkit.org/show_bug.cgi?id=199416 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ The flatpak-spawn based sandbox was only a proof of concept and >+ lacks flexibility for our needs so we ended up using it with very >+ permissive permissions and it still imposed limitations that our main >+ bubblewrap sandbox didn't have. >+ >+ So in order to get as many applications using the sandbox as possible we >+ will just remove this for now and focus on bubblewrap. At some point >+ it may be possible to improve flatpak-spawn to fit our needs. >+ >+ * SourcesGTK.txt: >+ * SourcesWPE.txt: >+ * UIProcess/Launcher/glib/FlatpakLauncher.cpp: Removed. >+ * UIProcess/Launcher/glib/FlatpakLauncher.h: Removed. >+ * UIProcess/Launcher/glib/ProcessLauncherGLib.cpp: >+ (WebKit::ProcessLauncher::launchProcess): >+ > 2019-06-25 Daniel Bates <dabates@apple.com> > > Non-editable text selections should be modifiable with hardware keyboard >diff --git a/Source/WebKit/SourcesGTK.txt b/Source/WebKit/SourcesGTK.txt >index d3fea01b28bb6db56482e5a119d7d2fbf77cf886..aa3adff942e5e7749f46860540cad5b0d4cfcf8f 100644 >--- a/Source/WebKit/SourcesGTK.txt >+++ b/Source/WebKit/SourcesGTK.txt >@@ -213,7 +213,6 @@ UIProcess/geoclue/GeoclueGeolocationProvider.cpp > > UIProcess/Launcher/glib/ProcessLauncherGLib.cpp @no-unify > UIProcess/Launcher/glib/BubblewrapLauncher.cpp @no-unify >-UIProcess/Launcher/glib/FlatpakLauncher.cpp @no-unify > > UIProcess/Network/CustomProtocols/LegacyCustomProtocolManagerProxy.cpp 
> >diff --git a/Source/WebKit/SourcesWPE.txt b/Source/WebKit/SourcesWPE.txt >index 0f3e634c59432b2e502afea306355da8bfdbe67a..e35400f2c29ced344be4202ec09e6a2fde71e1fb 100644 >--- a/Source/WebKit/SourcesWPE.txt >+++ b/Source/WebKit/SourcesWPE.txt >@@ -194,7 +194,6 @@ UIProcess/glib/WebProcessProxyGLib.cpp > > UIProcess/Launcher/glib/ProcessLauncherGLib.cpp > UIProcess/Launcher/glib/BubblewrapLauncher.cpp >-UIProcess/Launcher/glib/FlatpakLauncher.cpp > > UIProcess/Network/CustomProtocols/LegacyCustomProtocolManagerProxy.cpp > >diff --git a/Source/WebKit/UIProcess/Launcher/glib/FlatpakLauncher.cpp b/Source/WebKit/UIProcess/Launcher/glib/FlatpakLauncher.cpp >deleted file mode 100644 >index 6e2d28a377f92cfff484257f8404fb9085b8f6e4..0000000000000000000000000000000000000000 >--- a/Source/WebKit/UIProcess/Launcher/glib/FlatpakLauncher.cpp >+++ /dev/null 
>@@ -1,71 +0,0 @@ >-/* >- * Copyright (C) 2018 Igalia S.L. >- * >- * Redistribution and use in source and binary forms, with or without >- * modification, are permitted provided that the following conditions >- * are met: >- * 1. Redistributions of source code must retain the above copyright >- * notice, this list of conditions and the following disclaimer. >- * 2. Redistributions in binary form must reproduce the above copyright >- * notice, this list of conditions and the following disclaimer in the >- * documentation and/or other materials provided with the distribution. >- * >- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' >- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, >- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS >- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR >- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF >- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS >- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN >- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) >- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF >- * THE POSSIBILITY OF SUCH DAMAGE. >- */ >- >-#include "config.h" >-#include "FlatpakLauncher.h" >- >-#if OS(LINUX) >- >-#include <gio/gio.h> >-#include <wtf/glib/GUniquePtr.h> >- >-namespace WebKit { >- >-GRefPtr<GSubprocess> flatpakSpawn(GSubprocessLauncher* launcher, const WebKit::ProcessLauncher::LaunchOptions& launchOptions, char** argv, int childProcessSocket, GError** error) >-{ >- ASSERT(launcher); >- >- // When we are running inside of flatpak's sandbox we do not have permissions to >- // use the same sandbox we do outside but flatpak offers to create new sandboxes >- // for us using flatpak-spawn. 
>- // >- // This is just a stub implementation atm though as the Spawn interface does not expose >- // much outside of `--sandbox` (no permissions) and `--no-network`. We need to >- // add some permissions in between those for this to provide meaningful security. >- >- GUniquePtr<gchar> childProcessSocketArg(g_strdup_printf("--forward-fd=%d", childProcessSocket)); >- Vector<const char*> flatpakArgs = { >- "/usr/bin/flatpak-spawn", >- childProcessSocketArg.get(), >- }; >- >- if (launchOptions.processType == ProcessLauncher::ProcessType::Web) >- flatpakArgs.append("--no-network"); >- >- char** newArgv = g_newa(char*, g_strv_length(argv) + flatpakArgs.size() + 1); >- size_t i = 0; >- >- for (const auto& arg : flatpakArgs) >- newArgv[i++] = const_cast<char*>(arg); >- for (size_t x = 0; argv[x]; x++) >- newArgv[i++] = argv[x]; >- newArgv[i++] = nullptr; >- >- return adoptGRef(g_subprocess_launcher_spawnv(launcher, newArgv, error)); >-} >- >-}; >- >-#endif // OS(LINUX) >diff --git a/Source/WebKit/UIProcess/Launcher/glib/FlatpakLauncher.h b/Source/WebKit/UIProcess/Launcher/glib/FlatpakLauncher.h >deleted file mode 100644 >index 501e20c4baf5b4afc79c3ac8aa536a2bc9cae274..0000000000000000000000000000000000000000 >--- a/Source/WebKit/UIProcess/Launcher/glib/FlatpakLauncher.h >+++ /dev/null 
>@@ -1,43 +0,0 @@ >-/* >- * Copyright (C) 2018 Igalia S.L. >- * >- * Redistribution and use in source and binary forms, with or without >- * modification, are permitted provided that the following conditions >- * are met: >- * 1. Redistributions of source code must retain the above copyright >- * notice, this list of conditions and the following disclaimer. >- * 2. Redistributions in binary form must reproduce the above copyright >- * notice, this list of conditions and the following disclaimer in the >- * documentation and/or other materials provided with the distribution. >- * >- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' >- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, >- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS >- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR >- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF >- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS >- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN >- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) >- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF >- * THE POSSIBILITY OF SUCH DAMAGE. >- */ >- >-#pragma once >- >-#if OS(LINUX) >- >-#include "ProcessLauncher.h" >- >-#include <wtf/glib/GRefPtr.h> >- >-typedef struct _GSubprocess GSubprocess; >-typedef struct _GSubprocessLauncher GSubprocessLauncher; >- >-namespace WebKit { >- >-GRefPtr<GSubprocess> flatpakSpawn(GSubprocessLauncher*, const WebKit::ProcessLauncher::LaunchOptions&, char** argv, int childProcessSocket, GError**); >- >-}; >- >-#endif 
>diff --git a/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp b/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp >index 11ce1dff38ffc24d1df2ff89f21c1ffc67394f14..fbe58420e022dd6034b5b8ebbaf3e357fdf4285f 100644 >--- a/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp >+++ b/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp >@@ -29,7 +29,6 @@ > > #include "BubblewrapLauncher.h" > #include "Connection.h" >-#include "FlatpakLauncher.h" > #include "ProcessExecutablePath.h" > #include <errno.h> > #include <fcntl.h> >@@ -50,25 +49,6 @@ static void childSetupFunction(gpointer userData) > close(socket); > } > >-#if OS(LINUX) >-static bool isInsideFlatpak() >-{ >- static int ret = -1; >- if (ret != -1) >- return ret; >- >- GUniquePtr<GKeyFile> infoFile(g_key_file_new()); >- if (!g_key_file_load_from_file(infoFile.get(), "/.flatpak-info", G_KEY_FILE_NONE, nullptr)) { >- ret = false; >- return ret; >- } >- >- // If we are in a `flatpak build` session we cannot launch ourselves since we aren't installed. >- ret = !g_key_file_get_boolean(infoFile.get(), "Instance", "build", nullptr); >- return ret; >-} >-#endif >- > void ProcessLauncher::launchProcess() > { > IPC::Connection::SocketPair socketPair = IPC::Connection::createPlatformConnection(IPC::Connection::ConnectionOptions::SetCloexecOnServer); 
>@@ -136,19 +116,16 @@ void ProcessLauncher::launchProcess() > > GUniqueOutPtr<GError> error; > GRefPtr<GSubprocess> process; >-#if OS(LINUX) >+ >+#if ENABLE(BUBBLEWRAP_SANDBOX) > const char* sandboxEnv = g_getenv("WEBKIT_FORCE_SANDBOX"); > bool sandboxEnabled = m_launchOptions.extraInitializationData.get("enable-sandbox") == "true"; > > if (sandboxEnv) > sandboxEnabled = !strcmp(sandboxEnv, "1"); > >- if (sandboxEnabled && isInsideFlatpak()) >- process = flatpakSpawn(launcher.get(), m_launchOptions, argv, socketPair.client, &error.outPtr()); >-#if ENABLE(BUBBLEWRAP_SANDBOX) >- else if (sandboxEnabled) >+ if (sandboxEnabled) > process = bubblewrapSpawn(launcher.get(), m_launchOptions, argv, &error.outPtr()); >-#endif > else > #endif > process = adoptGRef(g_subprocess_launcher_spawnv(launcher.get(), argv, &error.outPtr()));
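Review bot: In the Source/WebKit/ChangeLog hunk, the ProcessLauncherGLib.cpp entry lists only `(WebKit::ProcessLauncher::launchProcess):` with no description, and the deleted static helper `isInsideFlatpak()` has no entry at all. Add a "Deleted." entry for the helper and a one-line description on launchProcess saying the sandbox decision is now compiled only under ENABLE(BUBBLEWRAP_SANDBOX). The message explains why the flatpak-spawn path goes away but not what a UI process running inside Flatpak does afterwards when enable-sandbox is true; one sentence on that would make the behaviour change reviewable.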
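Review bot: Deleting `isInsideFlatpak()` in the ProcessLauncherGLib.cpp hunk at -50,25 leaves launchProcess with no way to tell that it is running under Flatpak, so with enable-sandbox set to "true" or WEBKIT_FORCE_SANDBOX=1 the later hunk routes that case to `bubblewrapSpawn()`. The comment removed from FlatpakLauncher.cpp states "When we are running inside of flatpak's sandbox we do not have permissions to use the same sandbox we do outside", so unless bubblewrapSpawn handles this itself (not visible in this patch) the spawn looks likely to fail there. Consider keeping the helper and using it to skip the bubblewrap branch with a logged warning, or point to where the Flatpak case is handled.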
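Review bot: In the launchProcess hunk at -136,19, moving the guard from `#if OS(LINUX)` to `#if ENABLE(BUBBLEWRAP_SANDBOX)` means a build without bubblewrap never reads WEBKIT_FORCE_SANDBOX or "enable-sandbox" and falls straight through to the plain `g_subprocess_launcher_spawnv()` call with no diagnostic. An embedder that requested the sandbox gets an unsandboxed child process silently. Suggest adding an `#else` branch that logs a warning when the sandbox was requested but is not compiled in, so the downgrade is visible.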
Attachments on bug 199416: 373351 | 373359 | 373399