Upstream?

[eszlari]

Is there a plan to upstream this project into Chromium at some point in the future?

[refi64]

The Chromium Flatpak uses patches for this, but at the moment upstream has said they're not interested in adding new sandboxes, and if they were to ever gain interest in it, it probably wouldn't be right now due to the global situation.

On Wed, Nov 11, 2020 at 5:23 PM eszlari notifications@github.com wrote:

Is there a plan to upstream this project into Chromium at some point in the future?

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/refi64/zypak/issues/7, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAM4YSJ6FIDUFZ64MCKXDJLSPMMIHANCNFSM4TSSQ7EQ .

[eszlari]

Do you think that breakage due to upstream changes is likely? Would be too bad, if it suddenly breaks like the Steam flatpak (https://github.com/flathub/com.valvesoftware.Steam/issues/642), because of lack of upstream involvement.

[refi64]

I don't think so, most of the Zygote code is pretty stable at this point, and the setuid sandbox will stick around for a long time, since because Debian still doesn't have user namespaces on by default, and even if they enabled it, Chromium would still have to leave it until the last Debian release without it reaches EOL.

[eszlari]

Thanks for the clarification! This sounds reassuring.

[DemiMarie]

Would it be possible to remove the LD_PRELOAD hacks, and have the zypak binary be the setuid sandbox?