fix: always disable setuid sandbox on linux

electron · Nov 14, 2018 · 34de1a5 · 34de1a5
1 parent b53a858
commit 34de1a5
Showing 1 changed file with 8 additions and 10 deletions.
diff --git a/atom/app/atom_main_delegate.cc b/atom/app/atom_main_delegate.cc
@@ -209,16 +209,14 @@ void AtomMainDelegate::PreSandboxStartup() {
   if (!IsBrowserProcess(command_line))
     return;
 
-  if (!command_line->HasSwitch(switches::kEnableMixedSandbox)) {
-    if (command_line->HasSwitch(switches::kEnableSandbox)) {
-      // Disable setuid sandbox since it is not longer required on
-      // linux(namespace sandbox is available on most distros).
-      command_line->AppendSwitch(
-          service_manager::switches::kDisableSetuidSandbox);
-    } else {
-      // Disable renderer sandbox for most of node's functions.
-      command_line->AppendSwitch(service_manager::switches::kNoSandbox);
-    }
+  // Disable setuid sandbox since it is not longer required on
+  // linux (namespace sandbox is available on most distros).
+  command_line->AppendSwitch(service_manager::switches::kDisableSetuidSandbox);
+
+  if (!command_line->HasSwitch(switches::kEnableMixedSandbox) &&
+      !command_line->HasSwitch(switches::kEnableSandbox)) {
+    // Disable renderer sandbox for most of node's functions.
+    command_line->AppendSwitch(service_manager::switches::kNoSandbox);
   }
 
   // Allow file:// URIs to read other file:// URIs by default.