mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1

fix: always disable setuid sandbox on linux (#15722)

Browse source
This commit is contained in:
Jeremy Apthorp 2018-11-15 13:27:56 -08:00 committed by GitHub
parent 0642be296d
commit 20116d7f05
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

10
atom/app/atom_main_delegate.cc
View file

@ -209,17 +209,15 @@ void AtomMainDelegate::PreSandboxStartup() {
if (!IsBrowserProcess(command_line)) if (!IsBrowserProcess(command_line))
return; return;
if (!command_line->HasSwitch(switches::kEnableMixedSandbox)) {
if (command_line->HasSwitch(switches::kEnableSandbox)) {
// Disable setuid sandbox since it is not longer required on // Disable setuid sandbox since it is not longer required on
// linux (namespace sandbox is available on most distros). // linux (namespace sandbox is available on most distros).
command_line->AppendSwitch( command_line->AppendSwitch(service_manager::switches::kDisableSetuidSandbox);
service_manager::switches::kDisableSetuidSandbox);
} else { if (!command_line->HasSwitch(switches::kEnableMixedSandbox) &&
!command_line->HasSwitch(switches::kEnableSandbox)) {
// Disable renderer sandbox for most of node's functions. // Disable renderer sandbox for most of node's functions.
command_line->AppendSwitch(service_manager::switches::kNoSandbox); command_line->AppendSwitch(service_manager::switches::kNoSandbox);
} }
}
// Allow file:// URIs to read other file:// URIs by default. // Allow file:// URIs to read other file:// URIs by default.
command_line->AppendSwitch(::switches::kAllowFileAccessFromFiles); command_line->AppendSwitch(::switches::kAllowFileAccessFromFiles);