enable-mixed-sandbox option
This commit is contained in:
parent
3ba0e288f7
commit
07f550a748
4 changed files with 18 additions and 12 deletions
|
@ -125,11 +125,16 @@ void AtomMainDelegate::PreSandboxStartup() {
|
||||||
// Only append arguments for browser process.
|
// Only append arguments for browser process.
|
||||||
if (!IsBrowserProcess(command_line))
|
if (!IsBrowserProcess(command_line))
|
||||||
return;
|
return;
|
||||||
|
|
||||||
if (command_line->HasSwitch(switches::kEnableSandbox)) {
|
if (!command_line->HasSwitch(switches::kEnableMixedSandbox)) {
|
||||||
// Disable setuid sandbox since it is not longer required on linux(namespace
|
if (command_line->HasSwitch(switches::kEnableSandbox)) {
|
||||||
// sandbox is available on most distros).
|
// Disable setuid sandbox since it is not longer required on linux(namespace
|
||||||
command_line->AppendSwitch(::switches::kDisableSetuidSandbox);
|
// sandbox is available on most distros).
|
||||||
|
command_line->AppendSwitch(::switches::kDisableSetuidSandbox);
|
||||||
|
} else {
|
||||||
|
// Disable renderer sandbox for most of node's functions.
|
||||||
|
command_line->AppendSwitch(::switches::kNoSandbox);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Allow file:// URIs to read other file:// URIs by default.
|
// Allow file:// URIs to read other file:// URIs by default.
|
||||||
|
|
|
@ -108,14 +108,11 @@ void WebContentsPreferences::AppendExtraCommandLineSwitches(
|
||||||
command_line->AppendSwitchASCII(switches::kWebviewTag,
|
command_line->AppendSwitchASCII(switches::kWebviewTag,
|
||||||
webview_tag ? "true" : "false");
|
webview_tag ? "true" : "false");
|
||||||
|
|
||||||
if (IsSandboxed(web_contents)) {
|
// If the `sandbox` option was passed to the BrowserWindow's webPreferences,
|
||||||
// pass `--enable-sandbox` to the renderer so it won't have any node.js
|
// pass `--enable-sandbox` to the renderer so it won't have any node.js
|
||||||
// integration.
|
// integration.
|
||||||
|
if (IsSandboxed(web_contents))
|
||||||
command_line->AppendSwitch(switches::kEnableSandbox);
|
command_line->AppendSwitch(switches::kEnableSandbox);
|
||||||
} else {
|
|
||||||
// Disable renderer sandbox for most of node's functions.
|
|
||||||
command_line->AppendSwitch(::switches::kNoSandbox);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (web_preferences.GetBoolean("nativeWindowOpen", &b) && b)
|
if (web_preferences.GetBoolean("nativeWindowOpen", &b) && b)
|
||||||
command_line->AppendSwitch(switches::kNativeWindowOpen);
|
command_line->AppendSwitch(switches::kNativeWindowOpen);
|
||||||
|
|
|
@ -138,6 +138,9 @@ namespace switches {
|
||||||
// Enable chromium sandbox.
|
// Enable chromium sandbox.
|
||||||
const char kEnableSandbox[] = "enable-sandbox";
|
const char kEnableSandbox[] = "enable-sandbox";
|
||||||
|
|
||||||
|
// Enable sandbox in only remote content windows.
|
||||||
|
const char kEnableMixedSandbox[] = "enable-mixed-sandbox";
|
||||||
|
|
||||||
// Enable plugins.
|
// Enable plugins.
|
||||||
const char kEnablePlugins[] = "enable-plugins";
|
const char kEnablePlugins[] = "enable-plugins";
|
||||||
|
|
||||||
|
|
|
@ -74,6 +74,7 @@ extern const char kWebviewTag[];
|
||||||
namespace switches {
|
namespace switches {
|
||||||
|
|
||||||
extern const char kEnableSandbox[];
|
extern const char kEnableSandbox[];
|
||||||
|
extern const char kEnableMixedSandbox[];
|
||||||
extern const char kEnablePlugins[];
|
extern const char kEnablePlugins[];
|
||||||
extern const char kPpapiFlashPath[];
|
extern const char kPpapiFlashPath[];
|
||||||
extern const char kPpapiFlashVersion[];
|
extern const char kPpapiFlashVersion[];
|
||||||
|
|
Loading…
Reference in a new issue