mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

fix: always disable setuid sandbox on linux (#15722)

Browse source
This commit is contained in:
Jeremy Apthorp 2018-11-15 13:27:56 -08:00 committed by GitHub
parent 0642be296d
commit 20116d7f05
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
atom/app/atom_main_delegate.cc
View file

@ -209,16 +209,14 @@ void AtomMainDelegate::PreSandboxStartup() {
if (!IsBrowserProcess(command_line))
return;
if (!command_line->HasSwitch(switches::kEnableMixedSandbox)) {
if (command_line->HasSwitch(switches::kEnableSandbox)) {
// Disable setuid sandbox since it is not longer required on
// linux(namespace sandbox is available on most distros).
command_line->AppendSwitch(
service_manager::switches::kDisableSetuidSandbox);
} else {
// Disable renderer sandbox for most of node's functions.
command_line->AppendSwitch(service_manager::switches::kNoSandbox);
}
// Disable setuid sandbox since it is not longer required on
// linux (namespace sandbox is available on most distros).
command_line->AppendSwitch(service_manager::switches::kDisableSetuidSandbox);
if (!command_line->HasSwitch(switches::kEnableMixedSandbox) &&
!command_line->HasSwitch(switches::kEnableSandbox)) {
// Disable renderer sandbox for most of node's functions.
command_line->AppendSwitch(service_manager::switches::kNoSandbox);
}
// Allow file:// URIs to read other file:// URIs by default.