Michael Catanzaro wrote:
> I presume it uses a sandboxed multiprocess architecture anyway, like
> upstream Chromium. Is it not true?
>
> If so, it's surely one of the most secure packages we have in Fedora.
> Of course, that's no good excuse to fall behind on security updates.
> But I have high confidence in Chromium's sandbox.
It is true. QtWebEngine uses the Chromium seccomp sandbox. (I can definitely
confirm that because bugs in the sandbox policy, such as incompatibilities
with newer glibc versions, immediately manifest in some or all web pages
completely failing to render. I have had to fix a couple of these. So
seccomp is definitely used.)
Kevin Kofler
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
