diff options
| author | Alexandru Croitor <alexandru.croitor@theqtcompany.com> | 2015-12-08 16:04:34 +0100 |
|---|---|---|
| committer | Alexandru Croitor <alexandru.croitor@theqtcompany.com> | 2016-03-23 15:15:30 +0000 |
| commit | 7a49313c84ccd4779e396b7bc8341a331d90f96f (patch) | |
| tree | 95eaa7c47d8a9df809444c38470450739da5b1d6 /src/core/web_engine_context.cpp | |
| parent | 7794aadf9076774296c38743e3be69dd6143d0da (diff) | |
Enable sandboxing for OSX and Linux.
Remove the --no-sandbox option when starting the Chromium render
process and set --disable-setuid-sandbox, so that on Linux a SetUID
sandbox is not used, because Qt WebEngine does not have a separate
SetUID binary.
Task-number: QTBUG-50708
Change-Id: Ibadfc6e25c89bd99ec8aa20dc15de4688c35d386
Reviewed-by: Joerg Bornemann <joerg.bornemann@theqtcompany.com>
Diffstat (limited to 'src/core/web_engine_context.cpp')
| -rw-r--r-- | src/core/web_engine_context.cpp | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/src/core/web_engine_context.cpp b/src/core/web_engine_context.cpp index 09e131272..4db5b7f4e 100644 --- a/src/core/web_engine_context.cpp +++ b/src/core/web_engine_context.cpp @@ -238,7 +238,20 @@ WebEngineContext::WebEngineContext() base::CommandLine* parsedCommandLine = base::CommandLine::ForCurrentProcess(); parsedCommandLine->AppendSwitchPath(switches::kBrowserSubprocessPath, WebEngineLibraryInfo::getPath(content::CHILD_PROCESS_EXE)); - parsedCommandLine->AppendSwitch(switches::kNoSandbox); + + // Enable sandboxing on OS X and Linux (Desktop / Embedded) by default. + bool disable_sandbox = qEnvironmentVariableIsSet("QTWEBENGINE_DISABLE_SANDBOX"); + if (!disable_sandbox) { +#if defined(Q_OS_WIN) + parsedCommandLine->AppendSwitch(switches::kNoSandbox); +#elif defined(Q_OS_LINUX) + parsedCommandLine->AppendSwitch(switches::kDisableSetuidSandbox); +#endif + } else { + parsedCommandLine->AppendSwitch(switches::kNoSandbox); + qInfo() << "Sandboxing disabled by user."; + } + parsedCommandLine->AppendSwitch(switches::kEnableThreadedCompositing); parsedCommandLine->AppendSwitch(switches::kInProcessGPU); // These are currently only default on OS X, and we don't support them: |