Instead of maintaining an inappropriate hack on qtwebengine to disable seccomp filter sandbox, export the corresponding chromium flag in the QTWEBENGINE_CHROMIUM_FLAGS environment variable.
Signed-off-by: Vivien Didelot <[email protected]> --- .../qt5/qtbase-conf/ti33x/qt_env.sh | 5 +++ ...-disable-SECCOMP-BPF-Sandbox-at-star.patch | 32 ------------------- .../recipes-qt/qt5/qtwebengine_git.bbappend | 4 --- 3 files changed, 5 insertions(+), 36 deletions(-) delete mode 100644 meta-arago-distro/recipes-qt/qt5/qtwebengine/0003-qtwebengine-HACK-disable-SECCOMP-BPF-Sandbox-at-star.patch diff --git a/meta-arago-distro/recipes-qt/qt5/qtbase-conf/ti33x/qt_env.sh b/meta-arago-distro/recipes-qt/qt5/qtbase-conf/ti33x/qt_env.sh index 29fa2969..96526393 100644 --- a/meta-arago-distro/recipes-qt/qt5/qtbase-conf/ti33x/qt_env.sh +++ b/meta-arago-distro/recipes-qt/qt5/qtbase-conf/ti33x/qt_env.sh @@ -7,3 +7,8 @@ export QT_QPA_EGLFS_KMS_CONFIG=/etc/qt5/eglfs_kms_cfg.json export QT_QPA_EGLFS_INTEGRATION=eglfs_kms export QT_QPA_EGLFS_ALWAYS_SET_MODE=1 export QT_WAYLAND_SHELL_INTEGRATION=wl-shell + +# SECCOMP-BPF Sandbox does not work due to unexpected FUTEX_UNLOCK_PI call +# from the pthread implementation. Disable this feature temporarily until +# those issues are resolved. +export QTWEBENGINE_CHROMIUM_FLAGS="--disable-seccomp-filter-sandbox" diff --git a/meta-arago-distro/recipes-qt/qt5/qtwebengine/0003-qtwebengine-HACK-disable-SECCOMP-BPF-Sandbox-at-star.patch b/meta-arago-distro/recipes-qt/qt5/qtwebengine/0003-qtwebengine-HACK-disable-SECCOMP-BPF-Sandbox-at-star.patch deleted file mode 100644 index 09f1870d..00000000 --- a/meta-arago-distro/recipes-qt/qt5/qtwebengine/0003-qtwebengine-HACK-disable-SECCOMP-BPF-Sandbox-at-star.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 77fc6e4391562a1f84d82b58319a73de08242797 Mon Sep 17 00:00:00 2001 -From: Eric Ruei <[email protected]> -Date: Fri, 8 Mar 2019 18:17:06 -0500 -Subject: [PATCH 3/3] qtwebengine: HACK: disable SECCOMP-BPF Sandbox at startup - -SECCOMP-BPF Sandbox does not work due to unexpected FUTEX_UNLOCK_PI call -from the pthread implementation -Disable this feature temporarily until those issues are resolved. - -Upstream-Status: Inappropriate [HACK] - -Signed-off-by: Eric Ruei <[email protected]> ---- - src/core/web_engine_context.cpp | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/core/web_engine_context.cpp b/src/core/web_engine_context.cpp -index 48e5bc4..9ba3fa4 100644 ---- a/src/core/web_engine_context.cpp -+++ b/src/core/web_engine_context.cpp -@@ -347,6 +347,8 @@ WebEngineContext::WebEngineContext() - parsedCommandLine->AppendSwitch(switches::kNoSandbox); - #elif defined(Q_OS_LINUX) - parsedCommandLine->AppendSwitch(service_manager::switches::kDisableSetuidSandbox); -+ // HACK: disable seccomp filter sandbox for now because it does not work -+ parsedCommandLine->AppendSwitch(service_manager::switches::kDisableSeccompFilterSandbox); - #endif - } else { - parsedCommandLine->AppendSwitch(switches::kNoSandbox); --- -1.9.1 - diff --git a/meta-arago-distro/recipes-qt/qt5/qtwebengine_git.bbappend b/meta-arago-distro/recipes-qt/qt5/qtwebengine_git.bbappend index c50b020f..6459bbf7 100644 --- a/meta-arago-distro/recipes-qt/qt5/qtwebengine_git.bbappend +++ b/meta-arago-distro/recipes-qt/qt5/qtwebengine_git.bbappend @@ -1,8 +1,4 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" PR_append = ".arago1" -SRC_URI += " \ - file://0003-qtwebengine-HACK-disable-SECCOMP-BPF-Sandbox-at-star.patch \ -" - DEPENDS += "bison-native" -- 2.33.0 _______________________________________________ meta-arago mailing list [email protected] http://arago-project.org/cgi-bin/mailman/listinfo/meta-arago
