mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

enable-mixed-sandbox option

Browse source
This commit is contained in:
Hari Juturu 2017-06-08 23:29:35 -07:00
parent 3ba0e288f7
commit 07f550a748
4 changed files with 18 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
atom/app/atom_main_delegate.cc
View file

@ -126,10 +126,15 @@ void AtomMainDelegate::PreSandboxStartup() {
if (!IsBrowserProcess(command_line)) if (!IsBrowserProcess(command_line))
return; return;
if (command_line->HasSwitch(switches::kEnableSandbox)) { if (!command_line->HasSwitch(switches::kEnableMixedSandbox)) {
// Disable setuid sandbox since it is not longer required on linux(namespace if (command_line->HasSwitch(switches::kEnableSandbox)) {
// sandbox is available on most distros). // Disable setuid sandbox since it is not longer required on linux(namespace
command_line->AppendSwitch(::switches::kDisableSetuidSandbox); // sandbox is available on most distros).
command_line->AppendSwitch(::switches::kDisableSetuidSandbox);
} else {
// Disable renderer sandbox for most of node's functions.
command_line->AppendSwitch(::switches::kNoSandbox);
}
} }
// Allow file:// URIs to read other file:// URIs by default. // Allow file:// URIs to read other file:// URIs by default.

11
atom/browser/web_contents_preferences.cc
View file

@ -108,14 +108,11 @@ void WebContentsPreferences::AppendExtraCommandLineSwitches(
command_line->AppendSwitchASCII(switches::kWebviewTag, command_line->AppendSwitchASCII(switches::kWebviewTag,
webview_tag ? "true" : "false"); webview_tag ? "true" : "false");
if (IsSandboxed(web_contents)) { // If the `sandbox` option was passed to the BrowserWindow's webPreferences,
// pass `--enable-sandbox` to the renderer so it won't have any node.js // pass `--enable-sandbox` to the renderer so it won't have any node.js
// integration. // integration.
if (IsSandboxed(web_contents))
command_line->AppendSwitch(switches::kEnableSandbox); command_line->AppendSwitch(switches::kEnableSandbox);
} else {
// Disable renderer sandbox for most of node's functions.
command_line->AppendSwitch(::switches::kNoSandbox);
}
if (web_preferences.GetBoolean("nativeWindowOpen", &b) && b) if (web_preferences.GetBoolean("nativeWindowOpen", &b) && b)
command_line->AppendSwitch(switches::kNativeWindowOpen); command_line->AppendSwitch(switches::kNativeWindowOpen);

3
atom/common/options_switches.cc
View file

@ -138,6 +138,9 @@ namespace switches {
// Enable chromium sandbox. // Enable chromium sandbox.
const char kEnableSandbox[] = "enable-sandbox"; const char kEnableSandbox[] = "enable-sandbox";
// Enable sandbox in only remote content windows.
const char kEnableMixedSandbox[] = "enable-mixed-sandbox";
// Enable plugins. // Enable plugins.
const char kEnablePlugins[] = "enable-plugins"; const char kEnablePlugins[] = "enable-plugins";

1
atom/common/options_switches.h
View file

@ -74,6 +74,7 @@ extern const char kWebviewTag[];
namespace switches { namespace switches {
extern const char kEnableSandbox[]; extern const char kEnableSandbox[];
extern const char kEnableMixedSandbox[];
extern const char kEnablePlugins[]; extern const char kEnablePlugins[];
extern const char kPpapiFlashPath[]; extern const char kPpapiFlashPath[];
extern const char kPpapiFlashVersion[]; extern const char kPpapiFlashVersion[];