From 35ddc72ddc0a1ff5faaa4916feef1ddffbf33a6e Mon Sep 17 00:00:00 2001
From: Robo
Date: Tue, 27 Jun 2023 15:05:43 +0900
Subject: [PATCH] chore: introduce a new flag disable-chromium-sandbox (#186252)
---
 src/main.js | 26 ++++++++++++++--------
 src/vs/platform/environment/common/argv.ts | 1 +
 src/vs/platform/environment/node/argv.ts | 1 +
 3 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/src/main.js b/src/main.js
index 2b71c8ba3da..55200575103 100644
--- a/src/main.js
+++ b/src/main.js
@@ -36,10 +36,21 @@ bootstrap.enableASARSupport();
 const args = parseCLIArgs();
 // Configure static command line arguments
 const argvConfig = configureCommandlineSwitchesSync(args);
-// Enable sandbox globally unless disabled via `--no-sandbox` argument
-// or if `disable-chromium-sandbox: true` is set in argv.json.
-if (args['sandbox'] && !argvConfig['disable-chromium-sandbox']) {
+// Enable sandbox globally unless
+// 1) disabled via command line using either
+// `--no-sandbox` or `--disable-chromium-sandbox` argument.
+// 2) argv.json contains `disable-chromium-sandbox: true`.
+if (args['sandbox'] &&
+ !args['disable-chromium-sandbox'] &&
+ !argvConfig['disable-chromium-sandbox']) {
 app.enableSandbox();
+} else if (app.commandLine.hasSwitch('no-sandbox') &&
+ !app.commandLine.hasSwitch('disable-gpu-sandbox')) {
+ // Disable GPU sandbox whenever --no-sandbox is used.
+ app.commandLine.appendSwitch('disable-gpu-sandbox');
+} else {
+ app.commandLine.appendSwitch('no-sandbox');
+ app.commandLine.appendSwitch('disable-gpu-sandbox');
 }
 // Set userData path before app 'ready' event
@@ -192,9 +203,6 @@ function configureCommandlineSwitchesSync(cliArgs) {
 // override for the color profile to use
 'force-color-profile',
- // disable chromium sandbox
- 'disable-chromium-sandbox',
-
 // override which password-store is used
 'password-store'
 ];
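Review bot: The new top-level condition treats any truthy `argvConfig['disable-chromium-sandbox']` as a request to disable the sandbox, and the fall-through `else` then appends `no-sandbox` and `disable-gpu-sandbox`; the branch this commit removes from `configureCommandlineSwitchesSync` only acted on `true` or `'true'`. If `argvConfig` carries the raw argv.json value (that function's body is outside this hunk, so this is inferred), an entry such as `"disable-chromium-sandbox": "false"` would now append `no-sandbox`. An explicit comparison keeps the control fail-closed: `const sandboxOff = [args, argvConfig].some(c => c['disable-chromium-sandbox'] === true || c['disable-chromium-sandbox'] === 'true');` followed by `if (args['sandbox'] && !sandboxOff) {`. Because argv.json persists across launches, a log line in the two disabling branches would also let a later review see that the process started without the sandbox.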
@@ -238,9 +246,6 @@ function configureCommandlineSwitchesSync(cliArgs) {
 else if (argvValue === true || argvValue === 'true') {
 if (argvKey === 'disable-hardware-acceleration') {
 app.disableHardwareAcceleration(); // needs to be called explicitly
- } else if (argvKey === 'disable-chromium-sandbox') {
- app.commandLine.appendSwitch('no-sandbox');
- app.commandLine.appendSwitch('disable-gpu-sandbox');
 } else {
 app.commandLine.appendSwitch(argvKey);
 }
@@ -480,6 +485,9 @@ function parseCLIArgs() {
 'js-flags',
 'crash-reporter-directory'
 ],
+ boolean: [
+ 'disable-chromium-sandbox',
+ ],
 default: {
 'sandbox': true
 },
diff --git a/src/vs/platform/environment/common/argv.ts b/src/vs/platform/environment/common/argv.ts
index 75f79f3fa59..2bbfd487d75 100644
--- a/src/vs/platform/environment/common/argv.ts
+++ b/src/vs/platform/environment/common/argv.ts
@@ -109,6 +109,7 @@ export interface NativeParsedArgs {
 'locate-shell-integration-path'?: string;
 'profile'?: string;
 'profile-temp'?: boolean;
+ 'disable-chromium-sandbox'?: boolean;
 'enable-coi'?: boolean;
diff --git a/src/vs/platform/environment/node/argv.ts b/src/vs/platform/environment/node/argv.ts
index e14354be5b7..fbae6c3e4ed 100644
--- a/src/vs/platform/environment/node/argv.ts
+++ b/src/vs/platform/environment/node/argv.ts
@@ -109,6 +109,7 @@ export const OPTIONS: OptionDescriptions> = {
 'inspect-extensions': { type: 'string', allowEmptyValue: true, deprecates: ['debugPluginHost'], args: 'port', cat: 't', description: localize('inspect-extensions', "Allow debugging and profiling of extensions. Check the developer tools for the connection URI.") },
 'inspect-brk-extensions': { type: 'string', allowEmptyValue: true, deprecates: ['debugBrkPluginHost'], args: 'port', cat: 't', description: localize('inspect-brk-extensions', "Allow debugging and profiling of extensions with the extension host being paused after start. Check the developer tools for the connection URI.") },
 'disable-gpu': { type: 'boolean', cat: 't', description: localize('disableGPU', "Disable GPU hardware acceleration.") },
+ 'disable-chromium-sandbox': { type: 'boolean', cat: 't', description: localize('disableChromiumSandbox', "Use this option only when there is requirement to launch the application as sudo user on Linux or when running as an elevated user in an applocker environment on Windows.") },
 'ms-enable-electron-run-as-node': { type: 'boolean', global: true },
 'telemetry': { type: 'boolean', cat: 't', description: localize('telemetry', "Shows all telemetry events which VS code collects.") },
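Review bot: The help text added for `disable-chromium-sandbox` says when to use the flag but never says what it does, so someone reading `--help` is not told that it turns off the Chromium sandbox (the `main.js` change in this commit appends `no-sandbox` and `disable-gpu-sandbox` for it). I would lead with the effect and fix the missing article, e.g. `"Disables the Chromium sandbox. Use this option only when there is a requirement to launch the application as sudo user on Linux or when running as an elevated user in an applocker environment on Windows."`. The `OPTIONS` object starts and ends outside this hunk.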