Remove --no-sandbox (#122909)

* linux - remove `--no-sandbox` flag We should not disable sandbox on Linux. We only added this to support running on Kernel <= 3.8 where setuid sandbox is used. * fix ci * add some docs
2025-12-24 12:19:20 +00:00 · 2021-05-04 11:18:19 +02:00
parent b1ce0eda2d
commit e2954beb4b
8 changed files with 15 additions and 22 deletions
--- a/scripts/test-integration.sh
+++ b/scripts/test-integration.sh
@@ -6,8 +6,10 @@ if [[ "$OSTYPE" == "darwin"* ]]; then
 	ROOT=$(dirname $(dirname $(realpath "$0")))
 else
 	ROOT=$(dirname $(dirname $(readlink -f $0)))
-	# Electron 6 introduces a chrome-sandbox that requires root to run. This can fail. Disable sandbox via --no-sandbox.
-	LINUX_EXTRA_ARGS="--no-sandbox"
+	# --disable-setuid-sandbox: setuid sandboxes requires root and is used in containers so we disable this
+	# --disable-dev-shm-usage --use-gl=swiftshader: when run on docker containers where size of /dev/shm
+	# partition < 64MB which causes OOM failure for chromium compositor that uses the partition for shared memory
+	LINUX_EXTRA_ARGS="--disable-setuid-sandbox --disable-dev-shm-usage --use-gl=swiftshader"
 fi

 VSCODEUSERDATADIR=`mktemp -d 2>/dev/null`
@@ -44,13 +46,6 @@ else
 	export ELECTRON_ENABLE_STACK_DUMPING=1
 	export ELECTRON_ENABLE_LOGGING=1

-	# Production builds are run on docker containers where size of /dev/shm partition < 64MB which causes OOM failure
-	# for chromium compositor that uses the partition for shared memory
-	if [ "$LINUX_EXTRA_ARGS" ]
-	then
-		LINUX_EXTRA_ARGS="$LINUX_EXTRA_ARGS  --disable-dev-shm-usage --use-gl=swiftshader"
-	fi
-
 	echo "Storing crash reports into '$VSCODECRASHDIR'."
 	echo "Running integration tests with '$INTEGRATION_TEST_ELECTRON_PATH' as build."
 fi