feat: add ELECTRON_DISABLE_SANDBOX env var #16576

Merged
merged 1 commit into from Jan 29, 2019


nornagon
Member

Description of Change

This is to support easy disabling of sandboxing in CI environments, particularly on Linux where running CI inside docker is common, and Chrome's sandboxing technique conflicts with docker's default seccomp profile.

There have been concerns raised over whether this is a potential attack vector (e.g. an attacker who had control over the app's environment could set this variable to permit escalation), but I think there exist other easier routes to escalation if you have control over the environment, e.g. LD_PRELOAD or PATH.

Checklist

Release Notes

Notes: Added ELECTRON_DISABLE_SANDBOX environment variable to make it easier to disable sandboxing in Docker-based Linux CI environments.
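
An added example, not part of this PR or of Electron's code: a shell audit for the concern raised in the description above, listing processes that were started with `ELECTRON_DISABLE_SANDBOX` in their environment. It assumes a Linux `/proc` layout and treats any value of the variable as disabling the sandbox; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Electron code). Assumption: the mere presence of
# ELECTRON_DISABLE_SANDBOX in a process environment is worth flagging,
# whatever its value.

# audit_sandbox_env [PROC_ROOT]
# Prints "pid<TAB>comm<TAB>VAR=value" for every process whose environ holds
# the variable. Returns 1 when at least one such process was found.
audit_sandbox_env() {
    proc_root="${1:-/proc}"
    found=0
    for dir in "$proc_root"/[0-9]*; do
        [ -r "$dir/environ" ] || continue
        # environ is NUL-separated. Newlines inside a value become spaces
        # first, so text embedded in another variable's value cannot match.
        hit=$(tr '\n\000' ' \n' < "$dir/environ" 2>/dev/null |
              sed -n '/^ELECTRON_DISABLE_SANDBOX=/{p;q;}')
        [ -n "$hit" ] || continue
        comm=$(cat "$dir/comm" 2>/dev/null || echo '?')
        printf '%s\t%s\t%s\n' "${dir##*/}" "$comm" "$hit"
        found=1
    done
    [ "$found" -eq 0 ]
}

# make_sample_proc: builds a constructed /proc-like tree for the demo.
# pid 101 really has the variable set; pid 202 only carries the same text
# inside the value of another (hypothetical) variable, NOTE.
make_sample_proc() {
    root=$(mktemp -d)
    mkdir -p "$root/101" "$root/202"
    printf 'PATH=/usr/bin\000ELECTRON_DISABLE_SANDBOX=1\000' > "$root/101/environ"
    echo electron > "$root/101/comm"
    printf 'NOTE=x\nELECTRON_DISABLE_SANDBOX=1\000' > "$root/202/environ"
    echo node > "$root/202/comm"
    echo "$root"
}

# Demo on the constructed tree; on a real host call audit_sandbox_env with
# no argument (reading other users' environ files requires root).
demo=$(make_sample_proc)
audit_sandbox_env "$demo" || echo "sandbox-disabling environment found" >&2
rm -rf "$demo"
```

Run on hosts outside CI, a non-empty result points at a launcher, service unit or container definition that carries the CI-only setting into a place where the sandbox is expected to be on.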

@nornagon nornagon requested review from ckerr, jkleinsc and a team January 28, 2019 22:22
@zcbenz zcbenz merged commit 257de6a into master Jan 29, 2019
@release-clerk

release-clerk bot commented Jan 29, 2019

Release Notes Persisted

Added ELECTRON_DISABLE_SANDBOX environment variable to make it easier to disable sandboxing in Docker-based Linux CI environments.

@zcbenz zcbenz deleted the disable-sandbox-envvar branch January 29, 2019 07:03
@nornagon
Member Author

/trop run backport

@trop
Contributor

trop bot commented Jan 31, 2019

The backport process for this PR has been manually initiated, here we go! :D

@trop
Contributor

trop bot commented Jan 31, 2019

I have automatically backported this PR to "5-0-x", please check out #16662

@sofianguy sofianguy added this to 5.0.0-beta.2 in 5.0.x Feb 4, 2019
roramirez added a commit to roramirez/MagicMirror that referenced this pull request Jan 20, 2020
New version of Electron has the sandbox enabled by default
http://www.atom.pe/docs/api/sandbox-option/

There were some issues migrating to a new version of Electron for
MagicMirror. Using the new version in Travis CI was failing at this
time. The problem is that the testing runner is a Docker environment.

The issue experienced is the same topic mentioned here:
 - electron/electron#17972
 - electron-userland/spectron#443

The fix for all of this is to set the `--no-sandbox` mode in CI
testing https://electronjs.org/docs/all#--no-sandbox

This change uses the feature to set and disable the sandbox
by environment variable `ELECTRON_DISABLE_SANDBOX=1`
electron/electron#16576

This change references MagicMirrorOrg#1800
5.0.x
Fixed in 5.0.0-beta.2