diff options
author | Jüri Valdmann <juri.valdmann@qt.io> | 2020-02-03 12:41:58 +0100 |
---|---|---|
committer | Jüri Valdmann <juri.valdmann@qt.io> | 2020-02-03 12:41:58 +0100 |
commit | c1c2c8d51005c5112dd1d5736b86f9d15c3eadcd (patch) | |
tree | 537db252b12351e057b8e2303862f92f1770c2e9 /src/webengine/doc | |
parent | a6fb2c592bac997baf87016e9dd6b7a3c061ef3c (diff) | |
parent | ffc2fed113af6a7dde8f2e2ff4407281992d92d5 (diff) |
Merge remote-tracking branch 'origin/5.14' into 5.15
Change-Id: I349a4ecbbd9d3d121ca6564db77e417872246554
Diffstat (limited to 'src/webengine/doc')
-rw-r--r-- | src/webengine/doc/src/qtwebengine-platform-notes.qdoc | 34 |
1 files changed, 23 insertions, 11 deletions
diff --git a/src/webengine/doc/src/qtwebengine-platform-notes.qdoc b/src/webengine/doc/src/qtwebengine-platform-notes.qdoc index 1b8320c0c..1af2141b1 100644 --- a/src/webengine/doc/src/qtwebengine-platform-notes.qdoc +++ b/src/webengine/doc/src/qtwebengine-platform-notes.qdoc @@ -174,20 +174,32 @@ \section1 Sandboxing Support - \QWE provides out-of-the-box sandboxing support for Chromium render processes on Linux - and \macos. Sandboxing is currently not supported on Windows due to a limitation in how - the sandbox is set up and how it interacts with the host process provided by the \QWE - libraries. + \QWE provides out-of-the-box sandboxing support for Chromium render + processes. - On \macos, there are no special requirements for enabling sandbox support. + On Linux, note the following restrictions: - On Linux, the kernel has to support the anonymous namespaces feature (kernel version >= 3.8) - and seccomp-bpf feature (kernel version >= 3.5). Setuid sandboxes are not supported and are thus - disabled. + \list + \li The kernel has to support the anonymous namespaces feature + (kernel version 3.8 or later). However, on Debian, Ubuntu, + and other Debian-derived distributions, this feature is off + by default. It can be turned on by setting + \c /proc/sys/kernel/unprivileged_userns_clone to 1. + \li The kernel has to support the \c seccomp-bpf feature (kernel + version 3.5 or later). + \li Setuid sandboxes are not supported and are thus disabled. + \endlist + + To explicitly disable sandboxing, use one of the following options: + + \list + \li Set the \c QTWEBENGINE_DISABLE_SANDBOX environment variable to 1. + \li Pass the \c{--no-sandbox} command line argument to the user + application executable. + \li Set \c QTWEBENGINE_CHROMIUM_FLAGS to \c{--no-sandbox}. + \endlist - To explicitly disable sandboxing, the \c QTWEBENGINE_DISABLE_SANDBOX environment variable can be - set to 1 or alternatively the \c{--no-sandbox} command line argument can be passed to the user - application executable. + For more information, see \l{Using Command-Line Arguments}. \section1 Accessibility and Performance |