Changeset 247096 in webkit


Ignore:
Timestamp:
Jul 3, 2019 12:50:25 PM (5 years ago)
Author:
commit-queue@webkit.org
Message:

[GTK][WPE] Remove Flatpak sandbox
https://bugs.webkit.org/show_bug.cgi?id=199416

Patch by Patrick Griffis <Patrick Griffis> on 2019-07-03
Reviewed by Michael Catanzaro.

The flatpak-spawn based sandbox was only a proof of concept and
lacks flexibility for our needs so we ended up using it with very
permissive permissions and it still imposed limitations that our main
bubblewrap sandbox didn't have.

So in order to get as many applications using the sandbox as possible we
will just remove this for now and focus on bubblewrap. At some point
it may be possible to improve flatpak-spawn to fit our needs.

  • SourcesGTK.txt:
  • SourcesWPE.txt:
  • UIProcess/Launcher/glib/FlatpakLauncher.cpp: Removed.
  • UIProcess/Launcher/glib/FlatpakLauncher.h: Removed.
  • UIProcess/Launcher/glib/ProcessLauncherGLib.cpp:

(WebKit::ProcessLauncher::launchProcess):

Location:
trunk/Source/WebKit
Files:
2 deleted
4 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/WebKit/ChangeLog

    r247095 r247096  
     12019-07-03  Patrick Griffis  <pgriffis@igalia.com>
     2
     3        [GTK][WPE] Remove Flatpak sandbox
     4        https://bugs.webkit.org/show_bug.cgi?id=199416
     5
     6        Reviewed by Michael Catanzaro.
     7
     8        The flatpak-spawn based sandbox was only a proof of concept and
     9        lacks flexibility for our needs so we ended up using it with very
     10        permissive permissions and it still imposed limitations that our main
     11        bubblewrap sandbox didn't have.
     12
     13        So in order to get as many applications using the sandbox as possible we
     14        will just remove this for now and focus on bubblewrap. At some point
     15        it may be possible to improve flatpak-spawn to fit our needs.
     16
     17        * SourcesGTK.txt:
     18        * SourcesWPE.txt:
     19        * UIProcess/Launcher/glib/FlatpakLauncher.cpp: Removed.
     20        * UIProcess/Launcher/glib/FlatpakLauncher.h: Removed.
     21        * UIProcess/Launcher/glib/ProcessLauncherGLib.cpp:
     22        (WebKit::ProcessLauncher::launchProcess):
     23
    1242019-07-03  Ryan Haddad  <ryanhaddad@apple.com>
    225
  • trunk/Source/WebKit/SourcesGTK.txt

    r246877 r247096  
    215215UIProcess/Launcher/glib/ProcessLauncherGLib.cpp @no-unify
    216216UIProcess/Launcher/glib/BubblewrapLauncher.cpp @no-unify
    217 UIProcess/Launcher/glib/FlatpakLauncher.cpp @no-unify
    218217
    219218UIProcess/Network/CustomProtocols/LegacyCustomProtocolManagerProxy.cpp
  • trunk/Source/WebKit/SourcesWPE.txt

    r246921 r247096  
    196196UIProcess/Launcher/glib/ProcessLauncherGLib.cpp
    197197UIProcess/Launcher/glib/BubblewrapLauncher.cpp
    198 UIProcess/Launcher/glib/FlatpakLauncher.cpp
    199198
    200199UIProcess/Network/CustomProtocols/LegacyCustomProtocolManagerProxy.cpp
  • trunk/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp

    r246632 r247096  
    3030#include "BubblewrapLauncher.h"
    3131#include "Connection.h"
    32 #include "FlatpakLauncher.h"
    3332#include "ProcessExecutablePath.h"
    3433#include <errno.h>
     
    5150}
    5251
    53 #if OS(LINUX)
     52#if ENABLE(BUBBLEWRAP_SANDBOX)
    5453static bool isInsideFlatpak()
    5554{
     
    5857        return ret;
    5958
    60     GUniquePtr<GKeyFile> infoFile(g_key_file_new());
    61     if (!g_key_file_load_from_file(infoFile.get(), "/.flatpak-info", G_KEY_FILE_NONE, nullptr)) {
    62         ret = false;
    63         return ret;
    64     }
    65 
    66     // If we are in a `flatpak build` session we cannot launch ourselves since we aren't installed.
    67     ret = !g_key_file_get_boolean(infoFile.get(), "Instance", "build", nullptr);
     59    ret = g_file_test("/.flatpak-info", G_FILE_TEST_EXISTS);
    6860    return ret;
    6961}
     
    137129    GUniqueOutPtr<GError> error;
    138130    GRefPtr<GSubprocess> process;
    139 #if OS(LINUX)
     131
     132#if ENABLE(BUBBLEWRAP_SANDBOX)
    140133    const char* sandboxEnv = g_getenv("WEBKIT_FORCE_SANDBOX");
    141134    bool sandboxEnabled = m_launchOptions.extraInitializationData.get("enable-sandbox") == "true";
     
    144137        sandboxEnabled = !strcmp(sandboxEnv, "1");
    145138
    146     if (sandboxEnabled && isInsideFlatpak())
    147         process = flatpakSpawn(launcher.get(), m_launchOptions, argv, socketPair.client, &error.outPtr());
    148 #if ENABLE(BUBBLEWRAP_SANDBOX)
    149     else if (sandboxEnabled)
     139    // You cannot use bubblewrap within Flatpak so lets ensure it never happens.
     140    if (sandboxEnabled && !isInsideFlatpak())
    150141        process = bubblewrapSpawn(launcher.get(), m_launchOptions, argv, &error.outPtr());
    151 #endif
    152142    else
    153143#endif
Note: See TracChangeset for help on using the changeset viewer.