feat: enable setuid sandbox on linux (#17343)

electron · Mar 14, 2019 · 3e999ca · 3e999ca
1 parent c8f80ba
commit 3e999ca
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 5 deletions.
diff --git a/BUILD.gn b/BUILD.gn
@@ -917,6 +917,9 @@ dist_zip("electron_dist_zip") {
     ":licenses",
     ":electron_version",
   ]
+  if (is_linux) {
+    data_deps += [ "//sandbox/linux:chrome_sandbox" ]
+  }
   outputs = [
     "$root_build_dir/dist.zip",
   ]

diff --git a/atom/app/atom_main_delegate.cc b/atom/app/atom_main_delegate.cc
@@ -237,10 +237,6 @@ void AtomMainDelegate::PreSandboxStartup() {
   if (!IsBrowserProcess(command_line))
     return;
 
-  // Disable setuid sandbox since it is not longer required on
-  // linux (namespace sandbox is available on most distros).
-  command_line->AppendSwitch(service_manager::switches::kDisableSetuidSandbox);
-
   // Allow file:// URIs to read other file:// URIs by default.
   command_line->AppendSwitch(::switches::kAllowFileAccessFromFiles);
 

diff --git a/build/zip.py b/build/zip.py
@@ -61,7 +61,10 @@ def main(argv):
             for file in files:
               z.write(os.path.join(root, file))
         else:
-          z.write(dep)
+          basename = os.path.basename(dep)
+          dirname = os.path.dirname(dep)
+          arcname = os.path.join(dirname, 'chrome-sandbox') if basename == 'chrome_sandbox' else dep
+          z.write(dep, arcname)
 
 if __name__ == '__main__':
   sys.exit(main(sys.argv[1:]))