diff options
author | Leena Miettinen <riitta-leena.miettinen@qt.io> | 2020-01-27 15:18:52 +0100 |
---|---|---|
committer | Leena Miettinen <riitta-leena.miettinen@qt.io> | 2020-02-02 12:01:27 +0100 |
commit | ffc2fed113af6a7dde8f2e2ff4407281992d92d5 (patch) | |
tree | 5e8ea5461655394278c1ba24fda4b0c9e7056eab /src/webengine | |
parent | 7f1649b438329ec4f698389bbc44ee8d694e4801 (diff) |
Doc: Remove info about Sandboxing not being supported on Windows
Since 5.14.1, it is supported.
List restrictions on Linux and ways of explicitly disabling sandboxing
on all platforms.
Fixes: QTBUG-81688
Change-Id: I7f8fc08b921cc0e50056cc143cbf63b62be90b4e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'src/webengine')
-rw-r--r-- | src/webengine/doc/src/qtwebengine-platform-notes.qdoc | 34 |
1 files changed, 23 insertions, 11 deletions
diff --git a/src/webengine/doc/src/qtwebengine-platform-notes.qdoc b/src/webengine/doc/src/qtwebengine-platform-notes.qdoc index 1b8320c0c..1af2141b1 100644 --- a/src/webengine/doc/src/qtwebengine-platform-notes.qdoc +++ b/src/webengine/doc/src/qtwebengine-platform-notes.qdoc @@ -174,20 +174,32 @@ \section1 Sandboxing Support - \QWE provides out-of-the-box sandboxing support for Chromium render processes on Linux - and \macos. Sandboxing is currently not supported on Windows due to a limitation in how - the sandbox is set up and how it interacts with the host process provided by the \QWE - libraries. + \QWE provides out-of-the-box sandboxing support for Chromium render + processes. - On \macos, there are no special requirements for enabling sandbox support. + On Linux, note the following restrictions: - On Linux, the kernel has to support the anonymous namespaces feature (kernel version >= 3.8) - and seccomp-bpf feature (kernel version >= 3.5). Setuid sandboxes are not supported and are thus - disabled. + \list + \li The kernel has to support the anonymous namespaces feature + (kernel version 3.8 or later). However, on Debian, Ubuntu, + and other Debian-derived distributions, this feature is off + by default. It can be turned on by setting + \c /proc/sys/kernel/unprivileged_userns_clone to 1. + \li The kernel has to support the \c seccomp-bpf feature (kernel + version 3.5 or later). + \li Setuid sandboxes are not supported and are thus disabled. + \endlist + + To explicitly disable sandboxing, use one of the following options: + + \list + \li Set the \c QTWEBENGINE_DISABLE_SANDBOX environment variable to 1. + \li Pass the \c{--no-sandbox} command line argument to the user + application executable. + \li Set \c QTWEBENGINE_CHROMIUM_FLAGS to \c{--no-sandbox}. + \endlist - To explicitly disable sandboxing, the \c QTWEBENGINE_DISABLE_SANDBOX environment variable can be - set to 1 or alternatively the \c{--no-sandbox} command line argument can be passed to the user - application executable. + For more information, see \l{Using Command-Line Arguments}. \section1 Accessibility and Performance |