summaryrefslogtreecommitdiffstats
path: root/src/webengine
diff options
context:
space:
mode:
authorAlexandru Croitor <alexandru.croitor@qt.io>2017-03-27 17:19:18 +0200
committerAllan Sandfeld Jensen <allan.jensen@qt.io>2017-04-11 20:30:46 +0000
commitf71b2b45e5fb17e882b3ece8a3a20b53646e1651 (patch)
treefabcd0203ddaab8a0559aeedb6f67ee4400487ed /src/webengine
parent4802e21bd82cbfe334d6263bcb85f8486ca8589a (diff)
Document sandboxing support
Change-Id: I5a4f72493fd892c478074705ccbdb363b4002789 Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io> Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
Diffstat (limited to 'src/webengine')
-rw-r--r--src/webengine/doc/src/qtwebengine-platform-notes.qdoc18
1 files changed, 18 insertions, 0 deletions
diff --git a/src/webengine/doc/src/qtwebengine-platform-notes.qdoc b/src/webengine/doc/src/qtwebengine-platform-notes.qdoc
index 612a9acb1..3faf839c7 100644
--- a/src/webengine/doc/src/qtwebengine-platform-notes.qdoc
+++ b/src/webengine/doc/src/qtwebengine-platform-notes.qdoc
@@ -143,4 +143,22 @@
On \macos, if the default QSurfaceFormat is set after the application instance, the application
will exit with qFatal(), and print a message that the default QSurfaceFormat should be set
before the application instance.
+
+ \section1 Sandboxing Support
+
+ Qt WebEngine provides out-of-the-box sandboxing support for Chromium render processes on Linux
+ and \macos. Sandboxing is currently not supported on Windows due to a limitation in how
+ the sandbox is set up and how it interacts with the host process provided by the Qt WebEngine
+ libraries.
+
+ On \macos, there are no special requirements for enabling sandbox support.
+
+ On Linux, the kernel has to support the anonymous namespaces feature (kernel version >= 3.8)
+ and seccomp-bpf feature (kernel version >= 3.5). Setuid sandboxes are not supported and are thus
+ disabled.
+
+ To explicitly disable sandboxing, the \c QTWEBENGINE_DISABLE_SANDBOX environment variable can be
+ set to 1 or alternatively the \c{--no-sandbox} command line argument can be passed to the user
+ application executable.
+
*/