>They also suggested ff could use flatpak-spawn like webkit does
Right now we just fork(), so replacing that with flatpak-spawn would cause a massive increase in memory usage? You would no longer have CoW sharing of memory. I suspect this only deals with launching the main process (or WebKit would have the same memory usage problem?), and it's not clear to me the "Flatpak Sandbox" it's creating is comparable to what we have now (even with just seccomp-bpf).
Bug 1756236 Comment 5 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
>They also suggested ff could use flatpak-spawn like webkit does
Right now we just fork(), so replacing that with flatpak-spawn would cause a massive increase in memory usage? You would no longer have CoW sharing of memory. I suspect this only deals with launching the main process (or WebKit would have the same memory usage problem?), and it's not clear to me the "Flatpak Sandbox" it's creating is comparable to what we have now (even with just seccomp-bpf). We launch our subprocesses with specific, nailed down sandboxes.
>They also suggested ff could use flatpak-spawn like webkit does
Right now we just fork(), so replacing that with flatpak-spawn would cause a massive increase in memory usage? You would no longer have CoW sharing of memory. I suspect this only deals with launching the main process (or WebKit would have the same memory usage problem?), and it's not clear to me the "Flatpak Sandbox" it's creating is comparable to what we have now (even with just seccomp-bpf). We launch our subprocesses with specific, nailed down sandboxes. So I'm not clear that gets us closer to where we want to be.