enable-mixed-sandbox option

This commit is contained in:
Hari Juturu 2017-06-08 23:29:35 -07:00
parent 3ba0e288f7
commit 07f550a748
4 changed files with 18 additions and 12 deletions

View file

@ -125,11 +125,16 @@ void AtomMainDelegate::PreSandboxStartup() {
// Only append arguments for browser process.
if (!IsBrowserProcess(command_line))
return;
if (command_line->HasSwitch(switches::kEnableSandbox)) {
// Disable setuid sandbox since it is not longer required on linux(namespace
// sandbox is available on most distros).
command_line->AppendSwitch(::switches::kDisableSetuidSandbox);
if (!command_line->HasSwitch(switches::kEnableMixedSandbox)) {
if (command_line->HasSwitch(switches::kEnableSandbox)) {
// Disable setuid sandbox since it is not longer required on linux(namespace
// sandbox is available on most distros).
command_line->AppendSwitch(::switches::kDisableSetuidSandbox);
} else {
// Disable renderer sandbox for most of node's functions.
command_line->AppendSwitch(::switches::kNoSandbox);
}
}
// Allow file:// URIs to read other file:// URIs by default.

View file

@ -108,14 +108,11 @@ void WebContentsPreferences::AppendExtraCommandLineSwitches(
command_line->AppendSwitchASCII(switches::kWebviewTag,
webview_tag ? "true" : "false");
if (IsSandboxed(web_contents)) {
// pass `--enable-sandbox` to the renderer so it won't have any node.js
// integration.
// If the `sandbox` option was passed to the BrowserWindow's webPreferences,
// pass `--enable-sandbox` to the renderer so it won't have any node.js
// integration.
if (IsSandboxed(web_contents))
command_line->AppendSwitch(switches::kEnableSandbox);
} else {
// Disable renderer sandbox for most of node's functions.
command_line->AppendSwitch(::switches::kNoSandbox);
}
if (web_preferences.GetBoolean("nativeWindowOpen", &b) && b)
command_line->AppendSwitch(switches::kNativeWindowOpen);

View file

@ -138,6 +138,9 @@ namespace switches {
// Enable chromium sandbox.
const char kEnableSandbox[] = "enable-sandbox";
// Enable sandbox in only remote content windows.
const char kEnableMixedSandbox[] = "enable-mixed-sandbox";
// Enable plugins.
const char kEnablePlugins[] = "enable-plugins";

View file

@ -74,6 +74,7 @@ extern const char kWebviewTag[];
namespace switches {
extern const char kEnableSandbox[];
extern const char kEnableMixedSandbox[];
extern const char kEnablePlugins[];
extern const char kPpapiFlashPath[];
extern const char kPpapiFlashVersion[];