Details
-
Task
-
Resolution: Done
-
P2: Important
-
5.13.0 Alpha 1
-
None
-
macOS 10.14.1
-
macOS
-
dc2a429c4dfccb045a0b2313bc3440852349bffa (qt/qtwebengine-chromium/71-based) d3a6b236949a0197f998eeb58145c208552de4fe (qt/qtwebengine/dev) 1f0468891f67d10e1ee5434e3addbc4a3be68c85 (qt/qtwebengine-chromium/73-based)
Description
Chromium removed support for macOS Sandbox V1, and explicitly uses V2.
Qt WebEngine is not yet adapted to use that, which means that the renderer process asserts on startup with the following backtrace:
[67042:775:0116/182543.707478:FATAL:sandbox_init_mac.cc(90)] Check failed: sandbox::Seatbelt::IsSandboxed(). 0 libQt5WebEngineCore_debug.5.dylib 0x000000011927c4fe base::debug::StackTrace::StackTrace(unsigned long) + 174 1 libQt5WebEngineCore_debug.5.dylib 0x000000011927c55d base::debug::StackTrace::StackTrace(unsigned long) + 29 2 libQt5WebEngineCore_debug.5.dylib 0x0000000118edce7c base::debug::StackTrace::StackTrace() + 28 3 libQt5WebEngineCore_debug.5.dylib 0x0000000118f3baaf logging::LogMessage::~LogMessage() + 479 4 libQt5WebEngineCore_debug.5.dylib 0x0000000118f36185 logging::LogMessage::~LogMessage() + 21 5 libQt5WebEngineCore_debug.5.dylib 0x00000001131f0b3e content::(anonymous namespace)::GetSandboxTypeFromCommandLine(service_manager::SandboxType*) + 398 6 libQt5WebEngineCore_debug.5.dylib 0x00000001131f08dd content::InitializeSandbox(base::OnceCallback<void ()>) + 45 7 libQt5WebEngineCore_debug.5.dylib 0x000000012125c0cb content::RendererMainPlatformDelegate::EnableSandbox() + 123 8 libQt5WebEngineCore_debug.5.dylib 0x0000000120ca1b90 content::RendererMain(content::MainFunctionParams const&) + 3472 9 libQt5WebEngineCore_debug.5.dylib 0x00000001186e7885 content::RunOtherNamedProcessTypeMain(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, content::MainFunctionParams const&, content::ContentMainDelegate*) + 485 10 libQt5WebEngineCore_debug.5.dylib 0x00000001186eaf23 content::ContentMainRunnerImpl::Run(bool) + 5395 11 libQt5WebEngineCore_debug.5.dylib 0x00000001186dfba7 content::ContentServiceManagerMainDelegate::RunEmbedderProcess() + 71 12 libQt5WebEngineCore_debug.5.dylib 0x000000011e2f711f service_manager::Main(service_manager::MainParams const&) + 3743 13 libQt5WebEngineCore_debug.5.dylib 0x00000001186e74ec content::ContentMain(content::ContentMainParams const&) + 92 14 libQt5WebEngineCore_debug.5.dylib 0x0000000110aeb7e0 QtWebEngine::processMain(int, char const**) + 80 15 QtWebEngineProcess 0x0000000109635b35 main + 741 16 libdyld.dylib 0x00007fff7cfea08d start + 1
We need to adapt our code to make it compatible with V2, otherwise sandboxing on macOS won't work.
The assert can currently be circumvented by passing "--no-sandbox" on the command line when running a Qt WebEngine application.
Some additional info:
Chromium bug tracker issue: https://bugs.chromium.org/p/chromium/issues/detail?id=689306
Chromium Embedded Framework bug tracker issue: https://bitbucket.org/chromiumembedded/cef/issues/2459/macos-enable-the-macv2sandbox
Sandbox V2 Info: https://chromium.googlesource.com/chromium/src/+/master/sandbox/mac/seatbelt_sandbox_design.md
To check which resource accesses are denied, run the application with this special flag, and check the messages in Console.app (search for "sandbox" in the filtering input, usually it appears both for the sandboxd and kernel processes).
simplebrowser.app/Contents/MacOS/simplebrowser --enable-sandbox-logging
Attachments
Issue Links
- relates to
-
QTBUG-70715 Select inputs, radio inputs don't render correctly w/Mojave
-
- Closed
-