From f71b2b45e5fb17e882b3ece8a3a20b53646e1651 Mon Sep 17 00:00:00 2001 From: Alexandru Croitor Date: Mon, 27 Mar 2017 17:19:18 +0200 Subject: Document sandboxing support Change-Id: I5a4f72493fd892c478074705ccbdb363b4002789 Reviewed-by: Leena Miettinen Reviewed-by: Joerg Bornemann --- src/webengine/doc/src/qtwebengine-platform-notes.qdoc | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'src') diff --git a/src/webengine/doc/src/qtwebengine-platform-notes.qdoc b/src/webengine/doc/src/qtwebengine-platform-notes.qdoc index 612a9acb1..3faf839c7 100644 --- a/src/webengine/doc/src/qtwebengine-platform-notes.qdoc +++ b/src/webengine/doc/src/qtwebengine-platform-notes.qdoc @@ -143,4 +143,22 @@ On \macos, if the default QSurfaceFormat is set after the application instance, the application will exit with qFatal(), and print a message that the default QSurfaceFormat should be set before the application instance. + + \section1 Sandboxing Support + + Qt WebEngine provides out-of-the-box sandboxing support for Chromium render processes on Linux + and \macos. Sandboxing is currently not supported on Windows due to a limitation in how + the sandbox is set up and how it interacts with the host process provided by the Qt WebEngine + libraries. + + On \macos, there are no special requirements for enabling sandbox support. + + On Linux, the kernel has to support the anonymous namespaces feature (kernel version >= 3.8) + and seccomp-bpf feature (kernel version >= 3.5). Setuid sandboxes are not supported and are thus + disabled. + + To explicitly disable sandboxing, the \c QTWEBENGINE_DISABLE_SANDBOX environment variable can be + set to 1 or alternatively the \c{--no-sandbox} command line argument can be passed to the user + application executable. + */ -- cgit v1.2.3