189963 2018-09-25 11:40:07 -0700 [WPE][GTK] Fix file:// URI access in sandbox 2018-10-15 08:08:45 -0700 1 1 1 Unclassified WebKit WebKitGTK WebKit Nightly Build Unspecified Unspecified RESOLVED INVALID P2 Normal --- 189956 1 pgriffis webkit-unassigned bugs-noreply oldest_to_newest 1463246 0 pgriffis 2018-09-25 11:40:07 -0700 Currently `file://` URIs are all handled by the NetworkProcess which does not have filesystem access. Granting that access would defeat the purpose of the sandbox so this needs to be moved out of this process. One idea would be creating a new LocalFileProcess or such so it could work but doesn't compromise every websites NetworkProcess. This cannot be solved by simply mounting requested URIs dynamically at runtime as all `bwrap` permissions happen once at process creation and adding bind mounts later would require root permissions which is not ideal. We also cannot use the `document-portal` that flatpak uses because it does not handle directories yet and doesn't have any solid plans how to do so. 1469215 1 pgriffis 2018-10-15 08:08:45 -0700 We've decided to trust the NetworkProcess for now and not sandbox it so this no longer applies.