diff options
| author | Oskar Nyberg <oskar@mullvad.net> | 2021-01-28 10:18:54 +0100 |
|---|---|---|
| committer | Oskar Nyberg <oskar@mullvad.net> | 2021-01-28 10:18:54 +0100 |
| commit | 115099777c1ca93048cf46ef5cfbb253475bc573 (patch) | |
| tree | f9eb9ba9a282ae24a54b236dfc31cd6565586c56 | |
| parent | 976545b58ed88f93685b903636594b6bf7885577 (diff) | |
| parent | 595a1d33f709a3927c59aab222670313879161f5 (diff) | |
| download | mullvadvpn-115099777c1ca93048cf46ef5cfbb253475bc573.tar.xz mullvadvpn-115099777c1ca93048cf46ef5cfbb253475bc573.zip | |
Merge branch 'enable-electron-sandbox-on-linux'
| -rwxr-xr-x | dist-assets/linux/mullvad-gui-launcher.sh | 9 | ||||
| -rw-r--r-- | gui/src/main/index.ts | 13 |
2 files changed, 16 insertions, 6 deletions
diff --git a/dist-assets/linux/mullvad-gui-launcher.sh b/dist-assets/linux/mullvad-gui-launcher.sh index cf75c4e916..32be5868ca 100755 --- a/dist-assets/linux/mullvad-gui-launcher.sh +++ b/dist-assets/linux/mullvad-gui-launcher.sh @@ -1,5 +1,12 @@ #!/usr/bin/env bash set -eu +UNPRIVILEGED_USERNS_PATH="/proc/sys/kernel/unprivileged_userns_clone" +if [ -e $UNPRIVILEGED_USERNS_PATH ] && grep -q 0 $UNPRIVILEGED_USERNS_PATH; then + SANDBOX_FLAG="--no-sandbox" +else + SANDBOX_FLAG="" +fi + SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -exec "$SCRIPT_DIR/mullvad-gui" --no-sandbox "$@" +exec "$SCRIPT_DIR/mullvad-gui" $SANDBOX_FLAG "$@" diff --git a/gui/src/main/index.ts b/gui/src/main/index.ts index f3ac7e72c0..2fe32a0d16 100644 --- a/gui/src/main/index.ts +++ b/gui/src/main/index.ts @@ -85,6 +85,8 @@ const AUTO_CONNECT_FALLBACK_DELAY = 6000; /// Mirrors the beta check regex in the daemon. Matches only well formed beta versions const IS_BETA = /^(\d{4})\.(\d+)-beta(\d+)$/; +const SANDBOX_DISABLED = app.commandLine.hasSwitch('no-sandbox'); + enum AppQuitStage { unready, initiated, @@ -209,10 +211,6 @@ class ApplicationMain { app.commandLine.appendSwitch('wm-window-animations-disabled'); } - if (process.platform !== 'linux') { - app.enableSandbox(); - } - this.overrideAppPaths(); if (this.ensureSingleInstance()) { @@ -221,6 +219,11 @@ class ApplicationMain { this.initLogging(); + log.debug(`Chromium sandbox disabled: ${SANDBOX_DISABLED}`); + if (!SANDBOX_DISABLED) { + app.enableSandbox(); + } + log.info(`Running version ${app.getVersion()}`); if (process.platform === 'win32') { @@ -1453,7 +1456,7 @@ class ApplicationMain { nodeIntegrationInWorker: false, nodeIntegrationInSubFrames: false, enableRemoteModule: false, - sandbox: process.platform !== 'linux', + sandbox: !SANDBOX_DISABLED, contextIsolation: true, spellcheck: false, devTools: process.env.NODE_ENV === 'development', |