mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1

fix: always disable setuid sandbox on linux (#15722)

Browse source
This commit is contained in:
Jeremy Apthorp 2018-11-15 13:27:56 -08:00 committed by GitHub
parent 0642be296d
commit 20116d7f05
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

18
atom/app/atom_main_delegate.cc
View file

@ -209,16 +209,14 @@ void AtomMainDelegate::PreSandboxStartup() {
if (!IsBrowserProcess(command_line)) if (!IsBrowserProcess(command_line))
return; return;
if (!command_line->HasSwitch(switches::kEnableMixedSandbox)) { // Disable setuid sandbox since it is not longer required on
if (command_line->HasSwitch(switches::kEnableSandbox)) { // linux (namespace sandbox is available on most distros).
// Disable setuid sandbox since it is not longer required on command_line->AppendSwitch(service_manager::switches::kDisableSetuidSandbox);
// linux(namespace sandbox is available on most distros).
command_line->AppendSwitch( if (!command_line->HasSwitch(switches::kEnableMixedSandbox) &&
service_manager::switches::kDisableSetuidSandbox); !command_line->HasSwitch(switches::kEnableSandbox)) {
} else { // Disable renderer sandbox for most of node's functions.
// Disable renderer sandbox for most of node's functions. command_line->AppendSwitch(service_manager::switches::kNoSandbox);
command_line->AppendSwitch(service_manager::switches::kNoSandbox);
}
} }
// Allow file:// URIs to read other file:// URIs by default. // Allow file:// URIs to read other file:// URIs by default.