Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: enable setuid sandbox on linux (backport: 5-0-x) #17343

Conversation

Projects
None yet
4 participants
@trop
Copy link
Contributor

commented Mar 11, 2019

Backport of #17269

See that PR for details.

Notes: Enabled the setuid sandbox on Linux, allowing Electron to launch sandboxed processes in environments that disable CLONE_NEWUSER for unprivileged users.

@trop trop bot referenced this pull request Mar 11, 2019

Merged

feat: enable setuid sandbox on linux #17269

3 of 6 tasks complete

@trop trop bot added 5-0-x backport labels Mar 11, 2019

@electron-cation electron-cation bot removed the new-pr 🌱 label Mar 11, 2019

@nornagon nornagon changed the title feat: enable setuid sandbox on linux (backport: 5-0-x) fix: enable setuid sandbox on linux (backport: 5-0-x) Mar 12, 2019

@nornagon

This comment has been minimized.

Copy link
Contributor

commented Mar 12, 2019

This isn't really a feat in that it doesn't add any new API surface. It fixes an issue with sandboxing that was exposed in 5-0-x related to the fact that we now enable mixed-sandbox mode by default.

@ckerr
Copy link
Member

left a comment

For the record, @electron/wg-releases OK'ed this for 5-0-x in the 2019-03-13 meeting

@ckerr

ckerr approved these changes Mar 13, 2019

@codebytere
Copy link
Member

left a comment

Approving on behalf of Releases WG

@codebytere codebytere merged commit 3e999ca into electron:5-0-x Mar 14, 2019

8 checks passed

Artifact Comparison No Changes
Details
Semantic Pull Request ready to be squashed
Details
WIP Ready for review
Details
appveyor: win-ia32-testing-pr AppVeyor build succeeded
Details
appveyor: win-x64-testing-pr AppVeyor build succeeded
Details
build-linux Workflow: build-linux
Details
build-mac Workflow: build-mac
Details
release-notes Release notes found
@release-clerk

This comment has been minimized.

Copy link

commented Mar 14, 2019

Release Notes Persisted

Enabled the setuid sandbox on Linux, allowing Electron to launch sandboxed processes in environments that disable CLONE_NEWUSER for unprivileged users.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.