264456 – Update Network Process sandboxes to allow SYS_unlinkat to support the C++ library implementation

Bug 264456 - Update Network Process sandboxes to allow SYS_unlinkat to support the C++ library implementation

Summary: Update Network Process sandboxes to allow SYS_unlinkat to support the C++ lib...

Status:	RESOLVED WONTFIX

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit Misc. (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Brent Fulgham

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2023-11-08 17:03 PST by Brent Fulgham
Modified:	2023-11-09 16:30 PST (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Brent Fulgham 2023-11-08 17:03:53 PST

Telemetry shows us that the C++ library (specifically the `fs::filesystem` implementations) use `unlinkat`syscall. We don't allow that in our sandbox, leading to files not being deleted.

This patch updates our Network process sandboxes to support this operation.

<rdar://106765639>

Comment 1 Brent Fulgham 2023-11-08 17:13:06 PST

Pull request: https://github.com/WebKit/WebKit/pull/20207

Comment 2 Brent Fulgham 2023-11-09 16:30:11 PST

Digging further, I discovered that the `libcxx` code path is not used for shipping software. It must have been a hit for a custom build of some kind that turned off the higher-performance file operations we normally use.

So I'm going to close this -- no need to change the sandbox.