New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: enable mixed-sandbox mode by default #15894
Conversation
Be aware that
cc @nornagon |
3f9eaa3
to
7421cc3
Compare
Additionally, devtools processes will be sandboxed. |
@nornagon will that break devtron? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@nornagon
After enabling sandbox mode for devtools process, the devtools extension APIs implementation would switch to use remote
for Node.js builtin modules instead of using fs
module directly.
However currently remote
is not fully supported in devtools process. The devtools extensions are loaded as iframes, so there would be multiple frames using remote
module in one process, but the current model of remote
assumes only the main frame would use remote
module. This results in devtools extensions not working correctly with mixed sandbox mode.
I tried to modify remote
to be friendly with multi-frames process, but it turns out to be a harder problem than I expect.
I propose disabling sandbox for devtools process in this PR for now, and enable it after we made remote
capable of handling multi-frames process. Otherwise this PR would be blocked for quite a while.
7421cc3
to
e7d4d4d
Compare
Pushed a change which unsandboxes devtools processes. |
@nornagon The Linux CI are still failing for devtools tests, it seems that sandbox are still enabled for devtools process because of zygote process? |
As mentioned in the PR description, this depends on #15870, i think i just need to rebase |
hm, actually it looks like that PR is already merged in the base of this PR. I'll investigate. |
e7d4d4d
to
19e16f7
Compare
on linux it's in a pid sandbox and doesn't match the pid when observed from outside
19e16f7
to
b597fd9
Compare
@zcbenz linux tests are now passing; i think the ARM failures are unrelated |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me.
Talked with @miniak and agreed that we can follow up on the ppapi sandboxing stuff during the beta cycle. |
Release Notes Persisted
|
Description of Change
Currently, in order to launch some renderers sandboxed, an app must enable mixed-sandbox mode either with the command-line switch
--enable-mixed-sandbox
or theapp.enableMixedSandbox()
API. This PR will deprecate that switch, and make mixed-sandbox mode the default. Renderers launched withsandbox: true
will now be actually sandboxed, where previously they would only be sandboxed if mixed-sandbox mode was also enabled.Depends on #15870 for mixed-sandbox mode to be meaningful on Linux.
Checklist
Release Notes
Notes: Mixed-sandbox mode is now enabled by default.
enableMixedSandbox
and the--enable-mixed-sandbox
command-line switch still exist for compatibility, but are deprecated and have no effect.