140075 2015-01-04 22:20:12 -0800 [Linux] SeccompFilters: cannot open local files if network process is disabled 2015-11-30 11:43:34 -0800 1 1 1 Unclassified WebKit WebKit2 528+ (Nightly build) PC Linux RESOLVED FIXED P2 Normal --- 151418 151541 140072 1 mcatanzaro mcatanzaro cgarcia mcatanzaro ossy tmpsantos oldest_to_newest 1058660 0 mcatanzaro 2015-01-04 22:20:12 -0800 If the network process is disabled (e.g. by selecting the shared-secondary-process process model) then the web process will be used to load files from disk when the user accesses a file:// URI (either manually or through a browser's file chooser). But with seccomp filters enabled, the web process has no permission to open the file. We have a few different options: * Disable the sandbox when the network process is disabled. * Make the network process mandatory. (This is what Apple wants to do, anyway.) * Implement runtime sandbox extensions, so the UI process can tell the seccomp broker to allow a trapped process access to additional files. Apple has sandbox extensions already working in the cross-platform code, but it would require significant modifications to the seccomp filters backend (see also bug #140062) so this may not be a short-term project. Long-term, there is value in implementing sandbox extensions even if the network process is mandatory -- not for the web process, but for the network process, so that we can sandbox the network process as well. 1143541 1 mcatanzaro 2015-11-19 18:50:50 -0800 Network process is now mandatory. 1143629 2 mcatanzaro 2015-11-20 05:52:39 -0800 (In reply to comment #1) > Network process is now mandatory. It got rolled out.