enable-mixed-sandbox option
This commit is contained in:
parent
3ba0e288f7
commit
07f550a748
4 changed files with 18 additions and 12 deletions
|
@ -125,11 +125,16 @@ void AtomMainDelegate::PreSandboxStartup() {
|
|||
// Only append arguments for browser process.
|
||||
if (!IsBrowserProcess(command_line))
|
||||
return;
|
||||
|
||||
if (command_line->HasSwitch(switches::kEnableSandbox)) {
|
||||
// Disable setuid sandbox since it is not longer required on linux(namespace
|
||||
// sandbox is available on most distros).
|
||||
command_line->AppendSwitch(::switches::kDisableSetuidSandbox);
|
||||
|
||||
if (!command_line->HasSwitch(switches::kEnableMixedSandbox)) {
|
||||
if (command_line->HasSwitch(switches::kEnableSandbox)) {
|
||||
// Disable setuid sandbox since it is not longer required on linux(namespace
|
||||
// sandbox is available on most distros).
|
||||
command_line->AppendSwitch(::switches::kDisableSetuidSandbox);
|
||||
} else {
|
||||
// Disable renderer sandbox for most of node's functions.
|
||||
command_line->AppendSwitch(::switches::kNoSandbox);
|
||||
}
|
||||
}
|
||||
|
||||
// Allow file:// URIs to read other file:// URIs by default.
|
||||
|
|
|
@ -108,14 +108,11 @@ void WebContentsPreferences::AppendExtraCommandLineSwitches(
|
|||
command_line->AppendSwitchASCII(switches::kWebviewTag,
|
||||
webview_tag ? "true" : "false");
|
||||
|
||||
if (IsSandboxed(web_contents)) {
|
||||
// pass `--enable-sandbox` to the renderer so it won't have any node.js
|
||||
// integration.
|
||||
// If the `sandbox` option was passed to the BrowserWindow's webPreferences,
|
||||
// pass `--enable-sandbox` to the renderer so it won't have any node.js
|
||||
// integration.
|
||||
if (IsSandboxed(web_contents))
|
||||
command_line->AppendSwitch(switches::kEnableSandbox);
|
||||
} else {
|
||||
// Disable renderer sandbox for most of node's functions.
|
||||
command_line->AppendSwitch(::switches::kNoSandbox);
|
||||
}
|
||||
|
||||
if (web_preferences.GetBoolean("nativeWindowOpen", &b) && b)
|
||||
command_line->AppendSwitch(switches::kNativeWindowOpen);
|
||||
|
|
|
@ -138,6 +138,9 @@ namespace switches {
|
|||
// Enable chromium sandbox.
|
||||
const char kEnableSandbox[] = "enable-sandbox";
|
||||
|
||||
// Enable sandbox in only remote content windows.
|
||||
const char kEnableMixedSandbox[] = "enable-mixed-sandbox";
|
||||
|
||||
// Enable plugins.
|
||||
const char kEnablePlugins[] = "enable-plugins";
|
||||
|
||||
|
|
|
@ -74,6 +74,7 @@ extern const char kWebviewTag[];
|
|||
namespace switches {
|
||||
|
||||
extern const char kEnableSandbox[];
|
||||
extern const char kEnableMixedSandbox[];
|
||||
extern const char kEnablePlugins[];
|
||||
extern const char kPpapiFlashPath[];
|
||||
extern const char kPpapiFlashVersion[];
|
||||
|
|
Loading…
Reference in a new issue