Hi,

One of the things I am wondering is how this fares with Flatpak'ed 
applications, since it's what we are recommending nowadays for users to use.
My understanding is that the WebKit bwrap sandbox is only functional in 
non-nested bwrap sessions, which means that while the Flatpak apps might be 
sandboxed, they most likely still have network access and the media-related 
processes, for example, are not isolated.

Is this accurate? And if so, while Flatpak apps are already isolated from the 
host system to some extent, there isn't an easy way to cut off network access 
per-process unless you cut off access for the whole application. Are there any 
plans for addressing this?

Cheers,
Jordan



‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, June 16, 2020 11:47 PM, Michael Catanzaro <mcatanz...@gnome.org> 
wrote:

> Hi,
>
> Please help GNOME sandbox all its uses of WebKit! We're about halfway
> done:
>
> https://gitlab.gnome.org/GNOME/Initiatives/-/issues/19
>
> If you maintain an application using WebKit that hasn't yet enabled the
> sandbox, it usually only requires one or two lines of code.
> Applications that use a web process extension may be more complicated,
> but we don't have many of those.
>
> Michael
>
> desktop-devel-list mailing list
> desktop-devel-list@gnome.org
> https://mail.gnome.org/mailman/listinfo/desktop-devel-list

