From afde7913ebfba84852df795bfae33f6609843a97 Mon Sep 17 00:00:00 2001
From: Benjamin Pasero <benjpas@microsoft.com>
Date: Wed, 18 Sep 2019 13:55:03 +0200
Subject: [PATCH] build - set no-sandbox everywhere (#81096)

---
 build/azure-pipelines/linux/product-build-linux.yml | 2 +-
 resources/linux/code-url-handler.desktop            | 2 +-
 resources/linux/code.desktop                        | 4 ++--
 scripts/test-integration.sh                         | 4 ++--
 scripts/test.sh                                     | 2 +-
 src/vs/code/node/cli.ts                             | 6 +++++-
 6 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/build/azure-pipelines/linux/product-build-linux.yml b/build/azure-pipelines/linux/product-build-linux.yml
index 0d0b2608757..0d01ba8a608 100644
--- a/build/azure-pipelines/linux/product-build-linux.yml
+++ b/build/azure-pipelines/linux/product-build-linux.yml
@@ -100,7 +100,7 @@ steps:
 
 - script: |
     set -e
-    DISPLAY=:10 ./scripts/test.sh --build --tfs --no-sandbox "Unit Tests"
+    DISPLAY=:10 ./scripts/test.sh --build --tfs "Unit Tests"
   displayName: Run unit tests
   condition: and(succeeded(), eq(variables['VSCODE_STEP_ON_IT'], 'false'))
 
diff --git a/resources/linux/code-url-handler.desktop b/resources/linux/code-url-handler.desktop
index 7106e0e0969..b85525fbd04 100644
--- a/resources/linux/code-url-handler.desktop
+++ b/resources/linux/code-url-handler.desktop
@@ -2,7 +2,7 @@
 Name=@@NAME_LONG@@ - URL Handler
 Comment=Code Editing. Redefined.
 GenericName=Text Editor
-Exec=@@EXEC@@ --open-url %U
+Exec=@@EXEC@@ --no-sandbox --open-url %U
 Icon=@@ICON@@
 Type=Application
 NoDisplay=true
diff --git a/resources/linux/code.desktop b/resources/linux/code.desktop
index 1273bb2db7c..b975e1094a2 100644
--- a/resources/linux/code.desktop
+++ b/resources/linux/code.desktop
@@ -2,7 +2,7 @@
 Name=@@NAME_LONG@@
 Comment=Code Editing. Redefined.
 GenericName=Text Editor
-Exec=@@EXEC@@ --unity-launch %F
+Exec=@@EXEC@@ --no-sandbox --unity-launch %F
 Icon=@@ICON@@
 Type=Application
 StartupNotify=false
@@ -14,5 +14,5 @@ Keywords=vscode;
 
 [Desktop Action new-empty-window]
 Name=New Empty Window
-Exec=@@EXEC@@ --new-window %F
+Exec=@@EXEC@@ --no-sandbox --new-window %F
 Icon=@@ICON@@
diff --git a/scripts/test-integration.sh b/scripts/test-integration.sh
index 143e2ff4eb4..2c3a571ffc7 100755
--- a/scripts/test-integration.sh
+++ b/scripts/test-integration.sh
@@ -8,7 +8,7 @@ if [[ "$OSTYPE" == "darwin"* ]]; then
 else
 	ROOT=$(dirname $(dirname $(readlink -f $0)))
 	VSCODEUSERDATADIR=`mktemp -d 2>/dev/null`
-	LINUX_NO_SANDBOX="--no-sandbox" # workaround Electron 6 issue on Linux when running tests in container
+	LINUX_NO_SANDBOX="--no-sandbox" # Electron 6 introduces a chrome-sandbox that requires root to run. This can fail. Disable sandbox via --no-sandbox.
 fi
 
 cd $ROOT
@@ -34,7 +34,7 @@ else
 fi
 
 # Integration tests in AMD
-./scripts/test.sh $LINUX_NO_SANDBOX --runGlob **/*.integrationTest.js "$@"
+./scripts/test.sh --runGlob **/*.integrationTest.js "$@"
 
 # Tests in the extension host
 "$INTEGRATION_TEST_ELECTRON_PATH" $LINUX_NO_SANDBOX $ROOT/extensions/vscode-api-tests/testWorkspace --extensionDevelopmentPath=$ROOT/extensions/vscode-api-tests --extensionTestsPath=$ROOT/extensions/vscode-api-tests/out/singlefolder-tests --disable-telemetry --disable-crash-reporter --disable-updates --disable-extensions --skip-getting-started --disable-inspect --user-data-dir=$VSCODEUSERDATADIR
diff --git a/scripts/test.sh b/scripts/test.sh
index e1ed5aa65c7..630af4e53e5 100755
--- a/scripts/test.sh
+++ b/scripts/test.sh
@@ -34,5 +34,5 @@ else
 	cd $ROOT ; \
 		ELECTRON_ENABLE_LOGGING=1 \
 		"$CODE" \
-		test/electron/index.js "$@"
+		test/electron/index.js --no-sandbox "$@" # Electron 6 introduces a chrome-sandbox that requires root to run. This can fail. Disable sandbox via --no-sandbox.
 fi
diff --git a/src/vs/code/node/cli.ts b/src/vs/code/node/cli.ts
index 84997b65040..6dc1c356bac 100644
--- a/src/vs/code/node/cli.ts
+++ b/src/vs/code/node/cli.ts
@@ -15,7 +15,7 @@ import { whenDeleted, writeFileSync } from 'vs/base/node/pfs';
 import { findFreePort, randomPort } from 'vs/base/node/ports';
 import { resolveTerminalEncoding } from 'vs/base/node/encoding';
 import * as iconv from 'iconv-lite';
-import { isWindows } from 'vs/base/common/platform';
+import { isWindows, isLinux } from 'vs/base/common/platform';
 import { ProfilingSession, Target } from 'v8-inspect-profiler';
 import { isString } from 'vs/base/common/types';
 
@@ -360,6 +360,10 @@ export async function main(argv: string[]): Promise<any> {
 			options['stdio'] = 'ignore';
 		}
 
+		if (isLinux) {
+			addArg(argv, '--no-sandbox'); // Electron 6 introduces a chrome-sandbox that requires root to run. This can fail. Disable sandbox via --no-sandbox
+		}
+
 		const child = spawn(process.execPath, argv.slice(2), options);
 
 		if (args.wait && waitMarkerFilePath) {