Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix chrome-sandbox file permissions #20799

Merged
merged 18 commits into from Jun 3, 2020

Conversation

Descear
Copy link
Contributor

@Descear Descear commented May 23, 2020

Fixes: #20756

@Descear
Copy link
Contributor Author

Descear commented May 23, 2020

I was hoping that the Azure Pipeline check would run automatically so that I could figure out what to do.

Can someone please manually trigger that check for this PR?

@lkashef lkashef marked this pull request as ready for review May 27, 2020
@lkashef
Copy link
Contributor

lkashef commented May 27, 2020

Hey @Descear, thanks for your contribution.

The PR normally triggers the CI but I think being a fork + draft status blocked the CI, I marked the PR as "Ready to Review" and the CI got triggered.

@Descear
Copy link
Contributor Author

Descear commented May 27, 2020

I marked the PR as "Ready to Review" and the CI got triggered.

Thanks, @lkashef.

As of the last commit, this PR is now actually ready for review.

@darangi
Copy link
Contributor

darangi commented May 28, 2020

Hi @Descear, can you add your branch name to this file? script/vsts/release-branch-build.yml ? e.g

- fix-crash-on-linux
so we get to download .deb and .rpm artifacts that will be uploaded to the pipeline? This particular change will be reverted if we all confirm it works as expected.

@Descear
Copy link
Contributor Author

Descear commented May 29, 2020

The latest commit appears to have fixed the issue.

Checking the artefacts:

$ dpkg -c atom-amd64.deb | grep chrome-sandbox
-rwsr-xr-x root/root   5185424 2020-05-29 01:12 ./usr/share/atom-dev/chrome-sandbox
$ rpm -qlv atom.x86_64.rpm | grep chrome-sandbox
-rwsr-xr-x    1 root   root   5185424 May 28 20:17 /usr/share/atom-dev/chrome-sandbox

Atom launches fine on these distros after their respective package artefact is installed:

Both distros:

$ stat /usr/share/atom-dev/chrome-sandbox
[...]
Access: (4755/-rwsr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
[...]

These commits should be reverted before this PR is merged:

@darangi darangi mentioned this pull request May 29, 2020
@darangi
Copy link
Contributor

darangi commented Jun 1, 2020

Great work! 🥳 @Descear, can we revert commits 73bd087 and 368f790? So we can merge this in?

@Descear
Copy link
Contributor Author

Descear commented Jun 2, 2020

I've made the reverts. Please proceed.

@darangi darangi merged commit aac542c into atom:master Jun 3, 2020
1 check passed
@Jackfritt
Copy link

Jackfritt commented Jun 3, 2020

There are still problems I wrote here
With 1.46.0 this was possible:
sudo atom /root/.bashrc

Also writing files to directory without direct write access a Policy-Kit Window popped up
and asked for sudo password. Then it wrote the file to this directory.
atom /home/some.user/test.file

Thx for reading :) and support.

@lkashef
Copy link
Contributor

lkashef commented Jun 8, 2020

Hey @Jackfritt, thanks for your report 🙇‍♂️

The fix is available in Nightly and will be patched in the next release.

lkashef pushed a commit that referenced this issue Jun 10, 2020
…sions

Fix `chrome-sandbox` file permissions
@Jackfritt
Copy link

Jackfritt commented Jun 12, 2020

Hey @Jackfritt, thanks for your report bowing_man

The fix is available in Nightly and will be patched in the next release.

I tried 1.48.0 on latest patched Debian Buster
still not functional.

LC_ALL=C sudo atom /root/.bashrc

kvm@j-esser:~/src/m2m_sql$ /usr/bin/atom: line 190: 18834 Trace/breakpoint trap nohup "$ATOM_PATH" --executed-from="$(pwd)" --pid=$$ "$@" > "$ATOM_HOME/nohup.out" 2>&1
[18834:0612/141736.319903:FATAL:atom_main_delegate.cc(194)] Running as root without --no-sandbox is not supported. See https://crbug.com/638180.

atom /home/some.other.users_home_dir/new_test.file

Saving file gives error message
"Unable to save file: Permission denied '/home/some.other.users_home_dir'"
instead of Policy-Kit Window popped up and asked for sudo password.

Copy link

@morrisjallah morrisjallah left a comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants