feat: enable setuid sandbox on linux (#17269)
This commit is contained in:
parent
890f38e8fa
commit
652e232813
3 changed files with 7 additions and 5 deletions
3
BUILD.gn
3
BUILD.gn
|
@ -1026,6 +1026,9 @@ dist_zip("electron_dist_zip") {
|
||||||
":licenses",
|
":licenses",
|
||||||
":electron_version",
|
":electron_version",
|
||||||
]
|
]
|
||||||
|
if (is_linux) {
|
||||||
|
data_deps += [ "//sandbox/linux:chrome_sandbox" ]
|
||||||
|
}
|
||||||
outputs = [
|
outputs = [
|
||||||
"$root_build_dir/dist.zip",
|
"$root_build_dir/dist.zip",
|
||||||
]
|
]
|
||||||
|
|
|
@ -237,10 +237,6 @@ void AtomMainDelegate::PreSandboxStartup() {
|
||||||
if (!IsBrowserProcess(command_line))
|
if (!IsBrowserProcess(command_line))
|
||||||
return;
|
return;
|
||||||
|
|
||||||
// Disable setuid sandbox since it is not longer required on
|
|
||||||
// linux (namespace sandbox is available on most distros).
|
|
||||||
command_line->AppendSwitch(service_manager::switches::kDisableSetuidSandbox);
|
|
||||||
|
|
||||||
// Allow file:// URIs to read other file:// URIs by default.
|
// Allow file:// URIs to read other file:// URIs by default.
|
||||||
command_line->AppendSwitch(::switches::kAllowFileAccessFromFiles);
|
command_line->AppendSwitch(::switches::kAllowFileAccessFromFiles);
|
||||||
|
|
||||||
|
|
|
@ -61,7 +61,10 @@ def main(argv):
|
||||||
for file in files:
|
for file in files:
|
||||||
z.write(os.path.join(root, file))
|
z.write(os.path.join(root, file))
|
||||||
else:
|
else:
|
||||||
z.write(dep)
|
basename = os.path.basename(dep)
|
||||||
|
dirname = os.path.dirname(dep)
|
||||||
|
arcname = os.path.join(dirname, 'chrome-sandbox') if basename == 'chrome_sandbox' else dep
|
||||||
|
z.write(dep, arcname)
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
sys.exit(main(sys.argv[1:]))
|
sys.exit(main(sys.argv[1:]))
|
||||||
|
|
Loading…
Add table
Reference in a new issue