[0/3] Add option to enable WebKitGTK's sandboxing support

Message ID 20190920153106.2274596-1-aperez@igalia.com

Message

Adrian Perez de Castro Sept. 20, 2019, 3:31 p.m. UTC
Hi all,

This patch series allows using a new security hardening feature added in
WebKitGTK 2.26: sandboxing of WebKit's Web content rendering and network/disk
access processes (WebKitWebProcess and WebKitNetworkProcess, respectively).

The sandboxing feature uses the new bubblewrap and xdg-dbus-proxy packages,
as well as libseccomp (which already had a package in Buildroot).

Feedback and questions on the patch series are welcome, as always :)

Cheers,

Adrian Perez de Castro (3):
  package/bubblewrap: new package
  package/xdg-dbus-proxy: new package
  package/webkitgtk: add option to enable sandboxing support

 DEVELOPERS                                    |  2 +
 package/Config.in                             |  2 +
 package/bubblewrap/Config.in                  |  7 ++
 package/bubblewrap/bubblewrap.hash            |  5 ++
 package/bubblewrap/bubblewrap.mk              | 40 +++++++++
 ...un-the-Bubblewrap-executable-when-co.patch | 87 +++++++++++++++++++
 package/webkitgtk/Config.in                   | 15 ++++
 package/webkitgtk/webkitgtk.mk                | 12 ++-
 package/xdg-dbus-proxy/Config.in              | 14 +++
 package/xdg-dbus-proxy/xdg-dbus-proxy.hash    |  5 ++
 package/xdg-dbus-proxy/xdg-dbus-proxy.mk      | 17 ++++
 11 files changed, 205 insertions(+), 1 deletion(-)
 create mode 100644 package/bubblewrap/Config.in
 create mode 100644 package/bubblewrap/bubblewrap.hash
 create mode 100644 package/bubblewrap/bubblewrap.mk
 create mode 100644 package/webkitgtk/0002-GTK-WPE-Do-not-run-the-Bubblewrap-executable-when-co.patch
 create mode 100644 package/xdg-dbus-proxy/Config.in
 create mode 100644 package/xdg-dbus-proxy/xdg-dbus-proxy.hash
 create mode 100644 package/xdg-dbus-proxy/xdg-dbus-proxy.mk