Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: skip zygote for unsandboxed ppapi processes #17823

Merged
merged 1 commit into from Apr 16, 2019

Conversation

@nornagon
Copy link
Contributor

commented Apr 16, 2019

Description of Change

Fixes #17034.

The sequence of events here was:

  1. The main process starts
  2. Early in the initialization sequence, before main.js is run, content spawns a zygote and initializes the sandbox
  3. main.js runs, and adds --no-sandbox to the command-line flags
  4. The renderer boots and requests a ppapi process
  5. The ppapi process is forked from the zygote, which already has the sandbox pre-initialized, since it was warmed up before the --no-sandbox flag was added.

With this patch, we intervene before (5) and re-check the command-line flags. If --no-sandbox is present, we do not launch from the zygote, and instead spawn a fresh process without the sandbox.

This patch is similar to the one that supports mixed-sandbox mode.

Checklist

Release Notes

Notes: Fixed an issue preventing the Flash plugin from loading on Linux.

@nornagon nornagon requested a review from electron/wg-upgrades as a code owner Apr 16, 2019

@nornagon

This comment has been minimized.

Copy link
Contributor Author

commented Apr 16, 2019

linux failure is flake; merging.

@nornagon nornagon merged commit 33fd200 into master Apr 16, 2019

14 of 16 checks passed

Backportable? - 5-0-x Backport Failed
Details
build-linux Workflow: build-linux
Details
Artifact Comparison No Changes
Details
Semantic Pull Request ready to be squashed
Details
WIP Ready for review
Details
appveyor: win-ia32-debug AppVeyor build succeeded
Details
appveyor: win-ia32-testing AppVeyor build succeeded
Details
appveyor: win-ia32-testing-pr AppVeyor build succeeded
Details
appveyor: win-x64-debug AppVeyor build succeeded
Details
appveyor: win-x64-testing AppVeyor build succeeded
Details
appveyor: win-x64-testing-pr AppVeyor build succeeded
Details
build-mac Workflow: build-mac
Details
electron-arm-testing Build #20190416.27 succeeded
Details
electron-arm64-testing Build #20190416.26 succeeded
Details
lint Workflow: lint
Details
release-notes Release notes found
@release-clerk

This comment has been minimized.

Copy link

commented Apr 16, 2019

Release Notes Persisted

Fixed an issue preventing the Flash plugin from loading on Linux.

@nornagon nornagon deleted the ppapi-zygote-no-sandbox branch Apr 16, 2019

@trop

This comment has been minimized.

Copy link
Contributor

commented Apr 16, 2019

I was unable to backport this PR to "5-0-x" cleanly;
you will need to perform this backport manually.

@trop

This comment has been minimized.

Copy link
Contributor

commented Apr 16, 2019

A maintainer has manually backported this PR to "5-0-x", please check out #17829

1 similar comment
@trop

This comment has been minimized.

Copy link
Contributor

commented Apr 17, 2019

A maintainer has manually backported this PR to "5-0-x", please check out #17829

Kiku-Reise added a commit to Kiku-Reise/electron that referenced this pull request May 16, 2019

@miniak miniak referenced this pull request Jun 22, 2019

Open

feat: add app.disablePluginSandbox(mimeType) #18939

5 of 6 tasks complete
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.