Re: Sandbox all the WebKit!


One of the things I am wondering how does this fair with Flatpak'ed applications, since its what we are 
recommending nowdays for users to use.
My understanding is that the webkit bwrap sandbox is only functional in non-nested bwrap sessions which means 
that while the Flatpak apps might be sandboxed, they most likely still have network access and the media 
related processes for example are not isolated.

Is this accurate? and if so while Flatpak apps are already isolated from the host system to some extent, 
there isn't an easy way to cut of network access per-process unless you cut off access for the whole 
application. Are there any plans for addressing this?


‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, June 16, 2020 11:47 PM, Michael Catanzaro <mcatanzaro gnome org> wrote:


Please help GNOME sandbox all its uses of WebKit! We're about halfway

If you maintain an application using WebKit that hasn't yet enabled the
sandbox, it usually only requires one or two lines of code.
Applications that use a web process extension may be more complicated,
but we don't have many of those.


desktop-devel-list mailing list
desktop-devel-list gnome org

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]