From 20116d7f0505806160c0fe50605e4327d21861c5 Mon Sep 17 00:00:00 2001 From: Jeremy Apthorp Date: Thu, 15 Nov 2018 13:27:56 -0800 Subject: [PATCH] fix: always disable setuid sandbox on linux (#15722) --- atom/app/atom_main_delegate.cc | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/atom/app/atom_main_delegate.cc b/atom/app/atom_main_delegate.cc index b2c0683e3c0f3..c77edb2781a20 100644 --- a/atom/app/atom_main_delegate.cc +++ b/atom/app/atom_main_delegate.cc @@ -209,16 +209,14 @@ void AtomMainDelegate::PreSandboxStartup() { if (!IsBrowserProcess(command_line)) return; - if (!command_line->HasSwitch(switches::kEnableMixedSandbox)) { - if (command_line->HasSwitch(switches::kEnableSandbox)) { - // Disable setuid sandbox since it is not longer required on - // linux(namespace sandbox is available on most distros). - command_line->AppendSwitch( - service_manager::switches::kDisableSetuidSandbox); - } else { - // Disable renderer sandbox for most of node's functions. - command_line->AppendSwitch(service_manager::switches::kNoSandbox); - } + // Disable setuid sandbox since it is not longer required on + // linux (namespace sandbox is available on most distros). + command_line->AppendSwitch(service_manager::switches::kDisableSetuidSandbox); + + if (!command_line->HasSwitch(switches::kEnableMixedSandbox) && + !command_line->HasSwitch(switches::kEnableSandbox)) { + // Disable renderer sandbox for most of node's functions. + command_line->AppendSwitch(service_manager::switches::kNoSandbox); } // Allow file:// URIs to read other file:// URIs by default.