Support mixed-sandbox mode on Linux

[nornagon]

Currently, --enable-mixed-sandbox is not supported on Linux because of Chromium's zygote mode on Linux, which spawns a sandboxed child process on boot, and all subsequent renderers are forked from this already-sandboxed "zygote" process.

Chromium itself does not support a "mixed" sandbox mode on Linux, so supporting this will require making changes upstream in Chromium.

Possible approaches:

1. Turn off zygote mode entirely and spawn each new renderer from scratch.
2. Keep a single zygote, spawn sandboxed renderers from the zygote and unsandboxed renderers without the zygote.
3. Spawn two zygotes, one sandboxed and one unsandboxed, and switch between them based on the renderer spawn request.

I think (2) is probably the most feasible.

[GhostlyDark]

Am I correct that as of 5-0-x mixed sandbox is already enforced? #15894
Did the PR #15870 also land in 5-0-x?

With the current v5.0.0-beta the flash plugin under linux refuses to work. This was already the case with previous versions, when I tried using a mixed or full sandbox under linux, thus I left the sandbox off (expect for the webPreferences) in order to make it run.

I kept my main.js the same:
if(process.platform != 'linux') {app.enableSandbox()}

webPreferences: {plugins: true, sandbox: true, nodeIntegration: false, enableRemoteModule: false}

[nornagon]

Yes, 5-0-x enables mixed-sandbox mode on all platforms by default. Please open a new issue for the flash plugin :)

FWIW, sandbox: true without app.enableSandbox() does not in fact enable the sandbox.