Bug 140075
| Field | Value |
|---|---|
| Summary | [Linux] SeccompFilters: cannot open local files if network process is disabled |
| Product | WebKit |
| Component | WebKit2 |
| Status | RESOLVED FIXED |
| Severity | Normal |
| Priority | P2 |
| Version | 528+ (Nightly build) |
| Hardware | PC |
| OS | Linux |
| Reporter | Michael Catanzaro <mcatanzaro> |
| Assignee | Michael Catanzaro <mcatanzaro> |
| CC | cgarcia, mcatanzaro, ossy, tmpsantos |
| Bug Depends on | 151418, 151541 |
| Bug Blocks | 140072 |
Michael Catanzaro
If the network process is disabled (e.g. by selecting the shared-secondary-process process model) then the web process will be used to load files from disk when the user accesses a file:// URI (either manually or through a browser's file chooser). But with seccomp filters enabled, the web process has no permission to open the file. We have a few different options:
* Disable the sandbox when the network process is disabled.
* Make the network process mandatory. (This is what Apple wants to do, anyway.)
* Implement runtime sandbox extensions, so the UI process can tell the seccomp broker to allow a trapped process access to additional files. Apple has sandbox extensions already working in the cross-platform code, but it would require significant modifications to the seccomp filters backend (see also bug #140062) so this may not be a short-term project.
Long-term, there is value in implementing sandbox extensions even if the network process is mandatory -- not for the web process, but for the network process, so that we can sandbox the network process as well.
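An added sketch (not WebKit's code and not part of this bug report) of the runtime-extension idea in the third option above: a broker holds a path policy for opens trapped by the seccomp filter, and the UI process extends that policy after the user picks a file. The function names, permission bits and paths are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdbool.h>
#include <string.h>

/* Hypothetical broker policy model; every name here is illustrative. */
enum { PERM_READ = 1, PERM_WRITE = 2, MAX_RULES = 16 };
static struct { char prefix[256]; int perms; } rules[MAX_RULES];
static size_t nrules;

/* Static policy at startup, or a runtime extension granted by the UI process. */
bool broker_allow(const char *prefix, int perms)
{
    size_t len = strlen(prefix);
    if (nrules == MAX_RULES || prefix[0] != '/' || len >= sizeof rules[0].prefix)
        return false;
    memcpy(rules[nrules].prefix, prefix, len + 1);
    rules[nrules++].perms = perms;
    return true;
}

/* True if path has a ".." component ("..name" is an ordinary file name). */
static bool has_dotdot(const char *p)
{
    for (; (p = strstr(p, "/..")) != NULL; p += 3)
        if (p[3] == '/' || p[3] == '\0')
            return true;
    return false;
}

/* Decide a trapped open(). Lexical check only: symlinks are not resolved here. */
bool broker_check_open(const char *path, int flags)
{
    int acc = flags & O_ACCMODE;
    int need = acc == O_RDONLY ? PERM_READ : acc == O_WRONLY ? PERM_WRITE : (PERM_READ | PERM_WRITE);
    if (flags & (O_CREAT | O_TRUNC))
        need |= PERM_WRITE;
    if (path[0] != '/' || has_dotdot(path))
        return false;
    for (size_t i = 0; i < nrules; i++) {
        size_t n = strlen(rules[i].prefix);
        if (strncmp(path, rules[i].prefix, n) != 0)
            continue;
        /* Whole components only: /a/doc must not also grant /a/docs-private. */
        if ((path[n] == '\0' || path[n] == '/' || rules[i].prefix[n - 1] == '/') &&
            (rules[i].perms & need) == need)
            return true;
    }
    return false;
}
```

In this model a file:// load fails until the UI process calls `broker_allow()` for the chosen path, which is the failure described in this report.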
Michael Catanzaro
Network process is now mandatory.
Michael Catanzaro
(In reply to comment #1)
> Network process is now mandatory.
It got rolled out.