mirror of
https://github.com/PartialVolume/shredos.x86_64.git
synced 2026-02-24 11:32:10 +00:00
2a19afecb4
Add an option to enable WebKit's sandbox, which uses kernel namespaces to isolate the processes used for Web content rendering (WebKitWebProcess) and network/disk access (WebKitNetworkProcess). The reason to have an option is that it needs additional dependencies (bubblewrap, xdg-dbus-proxy, libseccomp), and that some users may choose to deploy alternative solution (for example: putting all of WebKit inside its own container, using systemd-nspawn or the like). Signed-off-by: Adrian Perez de Castro <aperez@igalia.com> [Peter: select libseccomp] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>