From dc57ae7f9e6167430345048cba764ccf23947d85 Mon Sep 17 00:00:00 2001
From: Jeremy Apthorp
Date: Thu, 7 Mar 2019 11:51:12 -0800
Subject: [PATCH] feat: enable setuid sandbox on linux
---
 BUILD.gn | 3 +++
 atom/app/atom_main_delegate.cc | 4 ----
 build/zip.py | 5 ++++-
 3 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/BUILD.gn b/BUILD.gn
index ea5aec8ed941e..050d41c060a06 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -917,6 +917,9 @@ dist_zip("electron_dist_zip") {
 ":licenses",
 ":electron_version",
 ]
+ if (is_linux) {
+ data_deps += [ "//sandbox/linux:chrome_sandbox" ]
+ }
 outputs = [
 "$root_build_dir/dist.zip",
 ]
diff --git a/atom/app/atom_main_delegate.cc b/atom/app/atom_main_delegate.cc
index 6c40c99d91d6a..e1318eb6d4c46 100644
--- a/atom/app/atom_main_delegate.cc
+++ b/atom/app/atom_main_delegate.cc
@@ -237,10 +237,6 @@ void AtomMainDelegate::PreSandboxStartup() {
 if (!IsBrowserProcess(command_line))
 return;
- // Disable setuid sandbox since it is not longer required on
- // linux (namespace sandbox is available on most distros).
- command_line->AppendSwitch(service_manager::switches::kDisableSetuidSandbox);
-
 // Allow file:// URIs to read other file:// URIs by default.
 command_line->AppendSwitch(::switches::kAllowFileAccessFromFiles);
diff --git a/build/zip.py b/build/zip.py
index 5518322e0159f..1c5eb9bfd913d 100644
--- a/build/zip.py
+++ b/build/zip.py
@@ -61,7 +61,10 @@ def main(argv):
 for file in files:
 z.write(os.path.join(root, file))
 else:
- z.write(dep)
+ basename = os.path.basename(dep)
+ dirname = os.path.dirname(dep)
+ arcname = os.path.join(dirname, 'chrome-sandbox') if basename == 'chrome_sandbox' else dep
+ z.write(dep, arcname)
 if __name__ == '__main__':
 sys.exit(main(sys.argv[1:]))
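Review bot: In the BUILD.gn hunk, the new `if (is_linux)` block ships `//sandbox/linux:chrome_sandbox` in the dist zip without saying what the helper needs once unpacked. A setuid sandbox helper is only usable when it is owned by root with mode 4755, and nothing visible in this patch sets that, so with the `kDisableSetuidSandbox` switch removed in atom_main_delegate.cc a plain unzip may leave a helper that is present but unusable on systems without user namespaces; how startup behaves in that case is not visible here and is worth checking. I would add a comment above the block, e.g. `# Setuid sandbox helper; packaging must chown it to root and chmod 4755.`, and document the install step alongside the release. The `dist_zip` target starts and ends outside the hunk.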
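Review bot: In the build/zip.py hunk, the `chrome_sandbox` to `chrome-sandbox` rename is a one-file special case hidden in a long conditional expression with no explanation. A comment such as `# The setuid helper is built as chrome_sandbox but is looked up at runtime as chrome-sandbox` (presumably the reason; confirm) would justify it, and the expression reads better as `arcname = dep` followed by `if os.path.basename(dep) == 'chrome_sandbox':` and `arcname = os.path.join(os.path.dirname(dep), 'chrome-sandbox')`. The check also matches any dependency whose basename is `chrome_sandbox`, whatever its directory, which is worth stating in the comment if intended. `main` starts outside the hunk.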