From f71b2b45e5fb17e882b3ece8a3a20b53646e1651 Mon Sep 17 00:00:00 2001
From: Alexandru Croitor <alexandru.croitor@qt.io>
Date: Mon, 27 Mar 2017 17:19:18 +0200
Subject: [PATCH] Document sandboxing support

Change-Id: I5a4f72493fd892c478074705ccbdb363b4002789
Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io>
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
---
 .../doc/src/qtwebengine-platform-notes.qdoc    | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/src/webengine/doc/src/qtwebengine-platform-notes.qdoc b/src/webengine/doc/src/qtwebengine-platform-notes.qdoc
index 612a9acb1..3faf839c7 100644
--- a/src/webengine/doc/src/qtwebengine-platform-notes.qdoc
+++ b/src/webengine/doc/src/qtwebengine-platform-notes.qdoc
@@ -143,4 +143,22 @@
     On \macos, if the default QSurfaceFormat is set after the application instance, the application
     will exit with qFatal(), and print a message that the default QSurfaceFormat should be set
     before the application instance.
+
+    \section1 Sandboxing Support
+
+    Qt WebEngine provides out-of-the-box sandboxing support for Chromium render processes on Linux
+    and \macos. Sandboxing is currently not supported on Windows due to a limitation in how
+    the sandbox is set up and how it interacts with the host process provided by the Qt WebEngine
+    libraries.
+
+    On \macos, there are no special requirements for enabling sandbox support.
+
+    On Linux, the kernel has to support the anonymous namespaces feature (kernel version >= 3.8)
+    and seccomp-bpf feature (kernel version >= 3.5). Setuid sandboxes are not supported and are thus
+    disabled.
+
+    To explicitly disable sandboxing, the \c QTWEBENGINE_DISABLE_SANDBOX environment variable can be
+    set to 1 or alternatively the \c{--no-sandbox} command line argument can be passed to the user
+    application executable.
+
 */
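Review bot: The Linux paragraph ("kernel version >= 3.8" / "kernel version >= 3.5") lists the kernel requirements but does not say what happens when they are not met, so a reader cannot tell whether render processes refuse to start or run without a sandbox. Suggest adding one sentence that states the behaviour. In the same paragraph, "anonymous namespaces" is not the name the kernel uses for a namespace feature; if user namespaces are meant, name them so the requirement can be checked against a kernel configuration. The final paragraph documents \c QTWEBENGINE_DISABLE_SANDBOX and \c{--no-sandbox} without stating the consequence. Suggest adding that disabling the sandbox removes the isolation between Chromium render processes and the host, and clarifying whether only the value 1 disables it.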
-- 
GitLab