bug-guix
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#40837: core-updates: webkitgtk web process sandbox incomplete

From: Jack Hill
Subject: bug#40837: core-updates: webkitgtk web process sandbox incomplete
Date: Mon, 27 Apr 2020 23:03:52 -0400 (EDT)
User-agent: Alpine 2.20 (DEB 67 2015-01-07)
I'm a little bit unstuck now. I found a bubblwrap issue [0], which I believe is the one that we're running into.
[0] https://github.com/containers/bubblewrap/issues/195 "Errors when --bind used with a symlinked path"
With insight gained there, I've determined that the following simplified bwrap invocation succeeds: 

"""
$ bwrap --ro-bind-try /etc/pulse/client.conf /etc/pulse/client.conf --ro-bind /gnu /gnu --ro-bind /run/current-system /run/current-system -- /run/current-system/profile/bin/bash 
"""

while the following invocation fails:

"""
$ bwrap --ro-bind /etc /etc --ro-bind-try /etc/pulse/client.conf /etc/pulse/client.conf --ro-bind /gnu /gnu --ro-bind /run/current-system /run/current-system -- /run/current-system/profile/bin/bash
bwrap: Can't create file at /etc/pulse/client.conf: No such file or directory 
"""
The difference between the working and non-working invocations in that in the non-working invocation, /etc is already mounted withing the new namespace, which includes symlinks at /etc/pulse and /etc/pulse/client.conf, and the later mount of the /etc/pulse/client.conf symlink causese the problem.
Now to figure out what the solution is, and if it is best fixed in webkitgtk or bubblewrap :) 

Ideas welcome!

Best,
Jack
reply via email to
[Prev in Thread] Current Thread [Next in Thread]