Skip to content
This repository has been archived by the owner. It is now read-only.
Permalink
Browse files

Prevent capabilities from being dropped in renderer threads in Linux

Chromium automatically drops all capabilities of renderer threads in
Linux, which may cause issues in a context like Electron, where the main
and renderer threads are supposed to keep inherited permissions over the
system.

See electron/electron#3666
  • Loading branch information...
Juan Cruz Viotti
Juan Cruz Viotti committed Feb 17, 2016
1 parent eb39033 commit 4012031948b2b1f7d5bce1dafc26bf0a84f2a8ed
Showing with 13 additions and 0 deletions.
  1. +13 −0 patches/thread-capabilities.patch
@@ -0,0 +1,13 @@
diff --git a/sandbox/linux/services/credentials.cc b/sandbox/linux/services/credentials.cc
index dd26472..6324ef5 100644
--- a/sandbox/linux/services/credentials.cc
+++ b/sandbox/linux/services/credentials.cc
@@ -324,8 +324,6 @@ pid_t Credentials::ForkAndDropCapabilitiesInChild() {
return pid;
}

- // Since we just forked, we are single threaded.
- PCHECK(DropAllCapabilitiesOnCurrentThread());
return 0;
}

0 comments on commit 4012031

Please sign in to comment.
You can’t perform that action at this time.