Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: enable mixed-sandbox mode by default #15894

Merged
merged 6 commits into from Jan 22, 2019
Merged

feat: enable mixed-sandbox mode by default #15894

merged 6 commits into from Jan 22, 2019

Conversation

nornagon
Copy link
Member

@nornagon nornagon commented Nov 29, 2018
edited

Description of Change

Currently, in order to launch some renderers sandboxed, an app must enable mixed-sandbox mode either with the command-line switch --enable-mixed-sandbox or the app.enableMixedSandbox() API. This PR will deprecate that switch, and make mixed-sandbox mode the default. Renderers launched with sandbox: true will now be actually sandboxed, where previously they would only be sandboxed if mixed-sandbox mode was also enabled.

Depends on #15870 for mixed-sandbox mode to be meaningful on Linux.

Checklist

Release Notes

Notes: Mixed-sandbox mode is now enabled by default. enableMixedSandbox and the --enable-mixed-sandbox command-line switch still exist for compatibility, but are deprecated and have no effect.

@nornagon nornagon requested review from a team November 29, 2018 22:52
@miniak
Copy link
Contributor

miniak commented Dec 3, 2018
edited

Be aware that

  • GPU process is going to be sandboxed, this should not have any negative effect on apps
  • pepper plugin host processes are going to be sandboxed, this might be a breaking change if apps depend on so-called host-native pepper plugins (should be possible to add an option to opt-out of sandbox for particular plugin / MIME type maybe)

cc @nornagon

@nornagon nornagon mentioned this pull request Dec 3, 2018
Merged
5 tasks
@nornagon
Copy link
Member Author

nornagon commented Dec 6, 2018

Additionally, devtools processes will be sandboxed.

@MarshallOfSound
Copy link
Member

@nornagon will that break devtron?

zcbenz
zcbenz requested changes Dec 6, 2018
View reviewed changes
Copy link
Member

@zcbenz zcbenz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@nornagon
After enabling sandbox mode for devtools process, the devtools extension APIs implementation would switch to use remote for Node.js builtin modules instead of using fs module directly.

However currently remote is not fully supported in devtools process. The devtools extensions are loaded as iframes, so there would be multiple frames using remote module in one process, but the current model of remote assumes only the main frame would use remote module. This results in devtools extensions not working correctly with mixed sandbox mode.

I tried to modify remote to be friendly with multi-frames process, but it turns out to be a harder problem than I expect.

I propose disabling sandbox for devtools process in this PR for now, and enable it after we made remote capable of handling multi-frames process. Otherwise this PR would be blocked for quite a while.

@nornagon
Copy link
Member Author

nornagon commented Dec 6, 2018

Pushed a change which unsandboxes devtools processes.

@zcbenz
Copy link
Member

zcbenz commented Dec 7, 2018

@nornagon The Linux CI are still failing for devtools tests, it seems that sandbox are still enabled for devtools process because of zygote process?

@zcbenz zcbenz mentioned this pull request Dec 7, 2018
Merged
5 tasks
@nornagon
Copy link
Member Author

nornagon commented Dec 7, 2018
edited

As mentioned in the PR description, this depends on #15870, i think i just need to rebase

@nornagon
Copy link
Member Author

nornagon commented Dec 7, 2018

hm, actually it looks like that PR is already merged in the base of this PR. I'll investigate.

@nornagon nornagon requested review from a team January 18, 2019 19:23
@nornagon
Copy link
Member Author

@zcbenz linux tests are now passing; i think the ARM failures are unrelated

zcbenz
zcbenz approved these changes Jan 21, 2019
View reviewed changes
Copy link
Member

@zcbenz zcbenz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me.

@nornagon
Copy link
Member Author

Talked with @miniak and agreed that we can follow up on the ppapi sandboxing stuff during the beta cycle.

@nornagon nornagon merged commit 92b9525 into master Jan 22, 2019
@release-clerk
Copy link

release-clerk bot commented Jan 22, 2019

Release Notes Persisted

Mixed-sandbox mode is now enabled by default. enableMixedSandbox and the --enable-mixed-sandbox command-line switch still exist for compatibility, but are deprecated and have no effect.

@nornagon nornagon deleted the enable-mixed-sandbox branch January 22, 2019 18:44
@GhostlyDark GhostlyDark mentioned this pull request Feb 6, 2019
Closed
@miniak miniak mentioned this pull request Mar 19, 2019
Merged
4 tasks
@miniak miniak mentioned this pull request Apr 21, 2019
Merged
5 tasks
@miniak miniak mentioned this pull request Jun 22, 2019
Closed
6 tasks
@n1kk n1kk mentioned this pull request Jun 1, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zcbenz zcbenz zcbenz approved these changes

@miniak miniak miniak approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@nornagon @miniak @MarshallOfSound @zcbenz