
ubuntu-webapps-bugs team mailing list archive

[Bug 1304648] Re: Forks browser process to run sandbox IPC helper

 

This bug was fixed in the package oxide-qt - 1.0.0~bzr490-0ubuntu1

---------------
oxide-qt (1.0.0~bzr490-0ubuntu1) trusty; urgency=medium

  * Update to r490
    - Build with enable_plugins: 0 and toolkit_views: 0 to trim the size
      a bit
    - Ensure subframe navigations that require a new window become top-level
      navigations for webviews that don't implement WebView.newViewRequested
    - Add an option for enabling proprietary codecs (ENABLE_PROPRIETARY_CODECS)
    - Build and install the l10n pak files
    - Add file picker support (LP: #1260008)
    - Add some resources to oxide.pak that were missing (eg, directory listing
      HTML)
    - Fix a crash that occurs when handling events from some mouse buttons
    - Add cursor support (LP: #1257662)
    - Reimplement Chromium's RenderSandboxHostLinux so that it runs the sandbox
      IPC helper process as a proper child process rather than just forking
      the browser process, which is dangerous for Oxide (LP: #1304648)
  * Split libffmpegsumo.so in to 2 separate packages (oxideqt-codecs and
    oxideqt-codecs-extra) (LP: #1301341)
 -- Chris Coulson <chris.coulson@xxxxxxxxxxxxx>   Tue, 08 Apr 2014 15:27:09 +0100

** Changed in: oxide-qt (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
WebApps bug tracking, which is subscribed to Oxide.
https://bugs.launchpad.net/bugs/1304648

Title:
  Forks browser process to run sandbox IPC helper

Status in Oxide Webview:
  Fix Released
Status in “oxide-qt” package in Ubuntu:
  Fix Released

Bug description:
  Chromium forks the browser process to run a sandbox IPC helper
  process, which provides a mechanism for sandboxed renderers to access
  things like the font cache. However, it does this without execing a
  new process image in the child.

  Whilst this is fine for Chromium (because it forks at startup and
  before any threads are created), it is bad for us for a few reasons:

  By the time we "start" Chromium:
  - We already have a QML app and Qt gunk running in the browser process - I suspect that a lot of the memory used by the app will get copied eventually, which is a waste.
  - We already have many threads running. As threads don't get forked, the child process will deadlock if any thread held a lock it requires at some point.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1304648/+subscriptions

