diff options
author | Alexandru Croitor <alexandru.croitor@qt.io> | 2017-03-27 17:19:18 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2017-04-11 20:30:46 +0000 |
commit | f71b2b45e5fb17e882b3ece8a3a20b53646e1651 (patch) | |
tree | fabcd0203ddaab8a0559aeedb6f67ee4400487ed /src | |
parent | 4802e21bd82cbfe334d6263bcb85f8486ca8589a (diff) |
Document sandboxing support
Change-Id: I5a4f72493fd892c478074705ccbdb363b4002789
Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io>
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
Diffstat (limited to 'src')
-rw-r--r-- | src/webengine/doc/src/qtwebengine-platform-notes.qdoc | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/src/webengine/doc/src/qtwebengine-platform-notes.qdoc b/src/webengine/doc/src/qtwebengine-platform-notes.qdoc index 612a9acb1..3faf839c7 100644 --- a/src/webengine/doc/src/qtwebengine-platform-notes.qdoc +++ b/src/webengine/doc/src/qtwebengine-platform-notes.qdoc @@ -143,4 +143,22 @@ On \macos, if the default QSurfaceFormat is set after the application instance, the application will exit with qFatal(), and print a message that the default QSurfaceFormat should be set before the application instance. + + \section1 Sandboxing Support + + Qt WebEngine provides out-of-the-box sandboxing support for Chromium render processes on Linux + and \macos. Sandboxing is currently not supported on Windows due to a limitation in how + the sandbox is set up and how it interacts with the host process provided by the Qt WebEngine + libraries. + + On \macos, there are no special requirements for enabling sandbox support. + + On Linux, the kernel has to support the anonymous namespaces feature (kernel version >= 3.8) + and seccomp-bpf feature (kernel version >= 3.5). Setuid sandboxes are not supported and are thus + disabled. + + To explicitly disable sandboxing, the \c QTWEBENGINE_DISABLE_SANDBOX environment variable can be + set to 1 or alternatively the \c{--no-sandbox} command line argument can be passed to the user + application executable. + */ |