What are the best, up to date docs, on Firefox's architecture and, specifically, the current state of sandboxing? (cc @pcwalton iirc you linked me something a while back)
-
-
Replying to @InsanityBit @pcwalton
https://wiki.mozilla.org/Security/Sandbox … stylo https://hacks.mozilla.org/2017/08/inside-a-super-fast-css-engine-quantum-css-aka-stylo/ … webrenderhttps://hacks.mozilla.org/2017/10/the-whole-web-at-maximum-fps-how-webrender-gets-rid-of-jank/ …
1 reply 0 retweets 1 like -
Replying to @RandomFFUser @pcwalton
Yeah, I didn't find the sandbox page particularly enlightening unfortunately.
1 reply 0 retweets 0 likes -
Replying to @InsanityBit @RandomFFUser
What do you want to know in particular about Firefox’s sandbox?
2 replies 0 retweets 0 likes -
Replying to @pcwalton @RandomFFUser
I was hoping to see sort of a "component -> sandbox" type doc so I can see which components, responsible for what, are sandboxed in what way.
1 reply 0 retweets 0 likes -
Replying to @InsanityBit @RandomFFUser
I’m confused. Sandboxes don’t work per-component, they work per-process…
2 replies 0 retweets 0 likes -
Replying to @pcwalton @RandomFFUser
As an example, In 'Current Status' I can see that on Windows the Compositor is sandboxed in Trunk (or that's how I read it). Are there are processes that aren't? On Linux the Compositor isn't mentioned.
2 replies 0 retweets 0 likes -
Replying to @InsanityBit @pcwalton
I think the compositor is not yet a separate process on GNU/Linux
1 reply 0 retweets 0 likes -
Replying to @RandomFFUser @pcwalton
I see. So that would fall under 'content' on that sandbox doc?
1 reply 0 retweets 0 likes
I think the compositor is part of the trusted chrome process on Linux, but I could be wrong here. (Note that the compositor doesn’t directly interact with web content. And I’d like to see if we can remove our browser compositor entirely in favor of WebRender + Wayland…)
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.