chore: drop thread_capabilities.patch #29135

Merged
merged 1 commit into from May 18, 2021

nornagon
Member

Description of Change

I think this might be limiting our sandboxing on Linux.

WIP until I read through #3666 to understand if this will cause issues. That
issue ends with "we are not using sandboxing at all" which is now far from
true, so I'd like to find a way to reenable this for sandboxed processes at
least.

Release Notes

Notes: none

@nornagon nornagon requested a review from a team as a code owner May 12, 2021 23:13
@nornagon nornagon added no-backport semver/patch backwards-compatible bug fixes wip ⚒ labels May 12, 2021
@nornagon
Member Author

cc @zcbenz, do you have thoughts about if this is now safe to remove?

Member

@zcbenz zcbenz left a comment

I think #3666 (comment) is still relevant: without this patch the renderer process will not be able to access some resources even when the user has enough permissions.

From a security perspective it is probably better to remove this patch, but certain users will not be able to run Electron apps and it would be hard for them to find out why.

@nornagon
Member Author

Hm, looking into it more, it seems this is only called when launching child processes via the zygote. We only do this for sandboxed processes since #15870. So I think we no longer need this.

@nornagon nornagon merged commit 8cfd249 into master May 18, 2021
@release-clerk
release-clerk bot commented May 18, 2021

No Release Notes

@nornagon nornagon deleted the drop-thread_capabilities.patch branch May 18, 2021 22:44