All of lore.kernel.org
 help / color / mirror / Atom feed
* [meta-arago][PATCH] qtwebengine: replace patch with chromium flags
@ 2021-10-05 21:25 Vivien Didelot
  2021-10-05 22:52 ` [meta-ti] " Denys Dmytriyenko
  0 siblings, 1 reply; 3+ messages in thread
From: Vivien Didelot @ 2021-10-05 21:25 UTC (permalink / raw)
  To: meta-ti; +Cc: Eric Ruei, Praneeth Bajjuri, Denys Dmytriyenko

Instead of maintaining an inappropriate hack on qtwebengine to disable
seccomp filter sandbox, export the corresponding chromium flag in
the QTWEBENGINE_CHROMIUM_FLAGS environment variable.

Signed-off-by: Vivien Didelot <vdidelot@pbsc.com>
---
 .../qt5/qtbase-conf/ti33x/qt_env.sh           |  5 +++
 ...-disable-SECCOMP-BPF-Sandbox-at-star.patch | 32 -------------------
 .../recipes-qt/qt5/qtwebengine_git.bbappend   |  4 ---
 3 files changed, 5 insertions(+), 36 deletions(-)
 delete mode 100644 meta-arago-distro/recipes-qt/qt5/qtwebengine/0003-qtwebengine-HACK-disable-SECCOMP-BPF-Sandbox-at-star.patch

diff --git a/meta-arago-distro/recipes-qt/qt5/qtbase-conf/ti33x/qt_env.sh b/meta-arago-distro/recipes-qt/qt5/qtbase-conf/ti33x/qt_env.sh
index 29fa2969..96526393 100644
--- a/meta-arago-distro/recipes-qt/qt5/qtbase-conf/ti33x/qt_env.sh
+++ b/meta-arago-distro/recipes-qt/qt5/qtbase-conf/ti33x/qt_env.sh
@@ -7,3 +7,8 @@ export QT_QPA_EGLFS_KMS_CONFIG=/etc/qt5/eglfs_kms_cfg.json
 export QT_QPA_EGLFS_INTEGRATION=eglfs_kms
 export QT_QPA_EGLFS_ALWAYS_SET_MODE=1
 export QT_WAYLAND_SHELL_INTEGRATION=wl-shell
+
+# SECCOMP-BPF Sandbox does not work due to unexpected FUTEX_UNLOCK_PI call
+# from the pthread implementation. Disable this feature temporarily until
+# those issues are resolved.
+export QTWEBENGINE_CHROMIUM_FLAGS="--disable-seccomp-filter-sandbox"
diff --git a/meta-arago-distro/recipes-qt/qt5/qtwebengine/0003-qtwebengine-HACK-disable-SECCOMP-BPF-Sandbox-at-star.patch b/meta-arago-distro/recipes-qt/qt5/qtwebengine/0003-qtwebengine-HACK-disable-SECCOMP-BPF-Sandbox-at-star.patch
deleted file mode 100644
index 09f1870d..00000000
--- a/meta-arago-distro/recipes-qt/qt5/qtwebengine/0003-qtwebengine-HACK-disable-SECCOMP-BPF-Sandbox-at-star.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 77fc6e4391562a1f84d82b58319a73de08242797 Mon Sep 17 00:00:00 2001
-From: Eric Ruei <e-ruei1@ti.com>
-Date: Fri, 8 Mar 2019 18:17:06 -0500
-Subject: [PATCH 3/3] qtwebengine: HACK: disable SECCOMP-BPF Sandbox at startup
-
-SECCOMP-BPF Sandbox does not work due to unexpected FUTEX_UNLOCK_PI call
-from the pthread implementation
-Disable this feature temporarily until those issues are resolved.
-
-Upstream-Status: Inappropriate [HACK]
-
-Signed-off-by: Eric Ruei <e-ruei1@ti.com>
----
- src/core/web_engine_context.cpp | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/core/web_engine_context.cpp b/src/core/web_engine_context.cpp
-index 48e5bc4..9ba3fa4 100644
---- a/src/core/web_engine_context.cpp
-+++ b/src/core/web_engine_context.cpp
-@@ -347,6 +347,8 @@ WebEngineContext::WebEngineContext()
-         parsedCommandLine->AppendSwitch(switches::kNoSandbox);
- #elif defined(Q_OS_LINUX)
-         parsedCommandLine->AppendSwitch(service_manager::switches::kDisableSetuidSandbox);
-+        // HACK: disable seccomp filter sandbox for now because it does not work
-+        parsedCommandLine->AppendSwitch(service_manager::switches::kDisableSeccompFilterSandbox);
- #endif
-     } else {
-         parsedCommandLine->AppendSwitch(switches::kNoSandbox);
--- 
-1.9.1
-
diff --git a/meta-arago-distro/recipes-qt/qt5/qtwebengine_git.bbappend b/meta-arago-distro/recipes-qt/qt5/qtwebengine_git.bbappend
index c50b020f..6459bbf7 100644
--- a/meta-arago-distro/recipes-qt/qt5/qtwebengine_git.bbappend
+++ b/meta-arago-distro/recipes-qt/qt5/qtwebengine_git.bbappend
@@ -1,8 +1,4 @@
 FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
 PR_append = ".arago1"
 
-SRC_URI += " \
-    file://0003-qtwebengine-HACK-disable-SECCOMP-BPF-Sandbox-at-star.patch \
-"
-
 DEPENDS += "bison-native"
-- 
2.33.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [meta-ti] [meta-arago][PATCH] qtwebengine: replace patch with chromium flags
  2021-10-05 21:25 [meta-arago][PATCH] qtwebengine: replace patch with chromium flags Vivien Didelot
@ 2021-10-05 22:52 ` Denys Dmytriyenko
  2021-10-05 23:31   ` Vivien Didelot
  0 siblings, 1 reply; 3+ messages in thread
From: Denys Dmytriyenko @ 2021-10-05 22:52 UTC (permalink / raw)
  To: Vivien Didelot; +Cc: meta-ti

Hi,

meta-ti is the wrong mailing list for this patch. Please send it to meta-arago 
instead.

-- 
Denys


On Tue, Oct 05, 2021 at 05:25:07PM -0400, Vivien Didelot wrote:
> Instead of maintaining an inappropriate hack on qtwebengine to disable
> seccomp filter sandbox, export the corresponding chromium flag in
> the QTWEBENGINE_CHROMIUM_FLAGS environment variable.
> 
> Signed-off-by: Vivien Didelot <vdidelot@pbsc.com>
> ---
>  .../qt5/qtbase-conf/ti33x/qt_env.sh           |  5 +++
>  ...-disable-SECCOMP-BPF-Sandbox-at-star.patch | 32 -------------------
>  .../recipes-qt/qt5/qtwebengine_git.bbappend   |  4 ---
>  3 files changed, 5 insertions(+), 36 deletions(-)
>  delete mode 100644 meta-arago-distro/recipes-qt/qt5/qtwebengine/0003-qtwebengine-HACK-disable-SECCOMP-BPF-Sandbox-at-star.patch
> 
> diff --git a/meta-arago-distro/recipes-qt/qt5/qtbase-conf/ti33x/qt_env.sh b/meta-arago-distro/recipes-qt/qt5/qtbase-conf/ti33x/qt_env.sh
> index 29fa2969..96526393 100644
> --- a/meta-arago-distro/recipes-qt/qt5/qtbase-conf/ti33x/qt_env.sh
> +++ b/meta-arago-distro/recipes-qt/qt5/qtbase-conf/ti33x/qt_env.sh
> @@ -7,3 +7,8 @@ export QT_QPA_EGLFS_KMS_CONFIG=/etc/qt5/eglfs_kms_cfg.json
>  export QT_QPA_EGLFS_INTEGRATION=eglfs_kms
>  export QT_QPA_EGLFS_ALWAYS_SET_MODE=1
>  export QT_WAYLAND_SHELL_INTEGRATION=wl-shell
> +
> +# SECCOMP-BPF Sandbox does not work due to unexpected FUTEX_UNLOCK_PI call
> +# from the pthread implementation. Disable this feature temporarily until
> +# those issues are resolved.
> +export QTWEBENGINE_CHROMIUM_FLAGS="--disable-seccomp-filter-sandbox"
> diff --git a/meta-arago-distro/recipes-qt/qt5/qtwebengine/0003-qtwebengine-HACK-disable-SECCOMP-BPF-Sandbox-at-star.patch b/meta-arago-distro/recipes-qt/qt5/qtwebengine/0003-qtwebengine-HACK-disable-SECCOMP-BPF-Sandbox-at-star.patch
> deleted file mode 100644
> index 09f1870d..00000000
> --- a/meta-arago-distro/recipes-qt/qt5/qtwebengine/0003-qtwebengine-HACK-disable-SECCOMP-BPF-Sandbox-at-star.patch
> +++ /dev/null
> @@ -1,32 +0,0 @@
> -From 77fc6e4391562a1f84d82b58319a73de08242797 Mon Sep 17 00:00:00 2001
> -From: Eric Ruei <e-ruei1@ti.com>
> -Date: Fri, 8 Mar 2019 18:17:06 -0500
> -Subject: [PATCH 3/3] qtwebengine: HACK: disable SECCOMP-BPF Sandbox at startup
> -
> -SECCOMP-BPF Sandbox does not work due to unexpected FUTEX_UNLOCK_PI call
> -from the pthread implementation
> -Disable this feature temporarily until those issues are resolved.
> -
> -Upstream-Status: Inappropriate [HACK]
> -
> -Signed-off-by: Eric Ruei <e-ruei1@ti.com>
> ----
> - src/core/web_engine_context.cpp | 2 ++
> - 1 file changed, 2 insertions(+)
> -
> -diff --git a/src/core/web_engine_context.cpp b/src/core/web_engine_context.cpp
> -index 48e5bc4..9ba3fa4 100644
> ---- a/src/core/web_engine_context.cpp
> -+++ b/src/core/web_engine_context.cpp
> -@@ -347,6 +347,8 @@ WebEngineContext::WebEngineContext()
> -         parsedCommandLine->AppendSwitch(switches::kNoSandbox);
> - #elif defined(Q_OS_LINUX)
> -         parsedCommandLine->AppendSwitch(service_manager::switches::kDisableSetuidSandbox);
> -+        // HACK: disable seccomp filter sandbox for now because it does not work
> -+        parsedCommandLine->AppendSwitch(service_manager::switches::kDisableSeccompFilterSandbox);
> - #endif
> -     } else {
> -         parsedCommandLine->AppendSwitch(switches::kNoSandbox);
> --- 
> -1.9.1
> -
> diff --git a/meta-arago-distro/recipes-qt/qt5/qtwebengine_git.bbappend b/meta-arago-distro/recipes-qt/qt5/qtwebengine_git.bbappend
> index c50b020f..6459bbf7 100644
> --- a/meta-arago-distro/recipes-qt/qt5/qtwebengine_git.bbappend
> +++ b/meta-arago-distro/recipes-qt/qt5/qtwebengine_git.bbappend
> @@ -1,8 +1,4 @@
>  FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
>  PR_append = ".arago1"
>  
> -SRC_URI += " \
> -    file://0003-qtwebengine-HACK-disable-SECCOMP-BPF-Sandbox-at-star.patch \
> -"
> -
>  DEPENDS += "bison-native"
> -- 
> 2.33.0
> 

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [meta-ti] [meta-arago][PATCH] qtwebengine: replace patch with chromium flags
  2021-10-05 22:52 ` [meta-ti] " Denys Dmytriyenko
@ 2021-10-05 23:31   ` Vivien Didelot
  0 siblings, 0 replies; 3+ messages in thread
From: Vivien Didelot @ 2021-10-05 23:31 UTC (permalink / raw)
  To: Denys Dmytriyenko; +Cc: meta-ti

Hi Denys,

On Tue, 05 Oct 2021 18:52:24 -0400 Denys Dmytriyenko <denis@denix.org> wrote:
> Hi,
> 
> meta-ti is the wrong mailing list for this patch. Please send it to meta-arago 
> instead.

I subscribed, but I did not receive any confirmation email (yet?). Can you
forward the patch to the meta-arago mailing list in the meantime?


Thanks,

	Vivien

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-10-05 23:31 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-05 21:25 [meta-arago][PATCH] qtwebengine: replace patch with chromium flags Vivien Didelot
2021-10-05 22:52 ` [meta-ti] " Denys Dmytriyenko
2021-10-05 23:31   ` Vivien Didelot

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.