On Wed, Oct 06, 2021 at 04:54:54PM -0400, Vivien Didelot wrote: > Instead of maintaining an inappropriate hack on qtwebengine to disable > seccomp filter sandbox, export the corresponding chromium flag in > the QTWEBENGINE_CHROMIUM_FLAGS environment variable. > > Signed-off-by: Vivien Didelot <vdide...@pbsc.com> > --- > .../qt5/qtbase-conf/ti33x/qt_env.sh | 5 +++ > ...-disable-SECCOMP-BPF-Sandbox-at-star.patch | 32 ------------------- > .../recipes-qt/qt5/qtwebengine_git.bbappend | 4 --- > 3 files changed, 5 insertions(+), 36 deletions(-) > delete mode 100644 > meta-arago-distro/recipes-qt/qt5/qtwebengine/0003-qtwebengine-HACK-disable-SECCOMP-BPF-Sandbox-at-star.patch > > diff --git a/meta-arago-distro/recipes-qt/qt5/qtbase-conf/ti33x/qt_env.sh > b/meta-arago-distro/recipes-qt/qt5/qtbase-conf/ti33x/qt_env.sh > index 29fa2969..96526393 100644 > --- a/meta-arago-distro/recipes-qt/qt5/qtbase-conf/ti33x/qt_env.sh > +++ b/meta-arago-distro/recipes-qt/qt5/qtbase-conf/ti33x/qt_env.sh > @@ -7,3 +7,8 @@ export QT_QPA_EGLFS_KMS_CONFIG=/etc/qt5/eglfs_kms_cfg.json > export QT_QPA_EGLFS_INTEGRATION=eglfs_kms > export QT_QPA_EGLFS_ALWAYS_SET_MODE=1 > export QT_WAYLAND_SHELL_INTEGRATION=wl-shell > + > +# SECCOMP-BPF Sandbox does not work due to unexpected FUTEX_UNLOCK_PI call > +# from the pthread implementation. Disable this feature temporarily until > +# those issues are resolved. > +export QTWEBENGINE_CHROMIUM_FLAGS="--disable-seccomp-filter-sandbox"
Why is this only done for ti33x platform? What about other platforms? > diff --git > a/meta-arago-distro/recipes-qt/qt5/qtwebengine/0003-qtwebengine-HACK-disable-SECCOMP-BPF-Sandbox-at-star.patch > > b/meta-arago-distro/recipes-qt/qt5/qtwebengine/0003-qtwebengine-HACK-disable-SECCOMP-BPF-Sandbox-at-star.patch > deleted file mode 100644 > index 09f1870d..00000000 > --- > a/meta-arago-distro/recipes-qt/qt5/qtwebengine/0003-qtwebengine-HACK-disable-SECCOMP-BPF-Sandbox-at-star.patch > +++ /dev/null > @@ -1,32 +0,0 @@ > -From 77fc6e4391562a1f84d82b58319a73de08242797 Mon Sep 17 00:00:00 2001 > -From: Eric Ruei <e-ru...@ti.com> > -Date: Fri, 8 Mar 2019 18:17:06 -0500 > -Subject: [PATCH 3/3] qtwebengine: HACK: disable SECCOMP-BPF Sandbox at > startup > - > -SECCOMP-BPF Sandbox does not work due to unexpected FUTEX_UNLOCK_PI call > -from the pthread implementation > -Disable this feature temporarily until those issues are resolved. > - > -Upstream-Status: Inappropriate [HACK] > - > -Signed-off-by: Eric Ruei <e-ru...@ti.com> > ---- > - src/core/web_engine_context.cpp | 2 ++ > - 1 file changed, 2 insertions(+) > - > -diff --git a/src/core/web_engine_context.cpp > b/src/core/web_engine_context.cpp > -index 48e5bc4..9ba3fa4 100644 > ---- a/src/core/web_engine_context.cpp > -+++ b/src/core/web_engine_context.cpp > -@@ -347,6 +347,8 @@ WebEngineContext::WebEngineContext() > - parsedCommandLine->AppendSwitch(switches::kNoSandbox); > - #elif defined(Q_OS_LINUX) > - > parsedCommandLine->AppendSwitch(service_manager::switches::kDisableSetuidSandbox); > -+ // HACK: disable seccomp filter sandbox for now because it does not > work > -+ > parsedCommandLine->AppendSwitch(service_manager::switches::kDisableSeccompFilterSandbox); > - #endif > - } else { > - parsedCommandLine->AppendSwitch(switches::kNoSandbox); > --- > -1.9.1 > - > diff --git a/meta-arago-distro/recipes-qt/qt5/qtwebengine_git.bbappend > b/meta-arago-distro/recipes-qt/qt5/qtwebengine_git.bbappend > index c50b020f..6459bbf7 100644 > --- a/meta-arago-distro/recipes-qt/qt5/qtwebengine_git.bbappend > +++ b/meta-arago-distro/recipes-qt/qt5/qtwebengine_git.bbappend > @@ -1,8 +1,4 @@ > FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" > PR_append = ".arago1" > > -SRC_URI += " \ > - file://0003-qtwebengine-HACK-disable-SECCOMP-BPF-Sandbox-at-star.patch \ > -" > - > DEPENDS += "bison-native" > -- > 2.33.0 -- Regards, Denys Dmytriyenko <de...@denix.org> PGP: 0x420902729A92C964 - https://denix.org/0x420902729A92C964 Fingerprint: 25FC E4A5 8A72 2F69 1186 6D76 4209 0272 9A92 C964 _______________________________________________ meta-arago mailing list meta-arago@arago-project.org http://arago-project.org/cgi-bin/mailman/listinfo/meta-arago