From 7f9a404d08d902384a06d275e85e38d18119b023 Mon Sep 17 00:00:00 2001 From: Robo Date: Mon, 26 Jun 2023 14:21:27 +0900 Subject: [PATCH] feat: provide disable-chromium-sandbox runtime argument (#186004) * feat: provide disable-chromium-sandbox runtime argument * chore: address review feedback * chore: remove relaunch prompt --- src/main.js | 18 ++++++++++++------ .../electron-sandbox/desktop.contribution.ts | 4 ++++ 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/src/main.js b/src/main.js index 5b3bcf8b9abdf..c3ad37de5eee1 100644 --- a/src/main.js +++ b/src/main.js @@ -33,9 +33,12 @@ const portable = bootstrapNode.configurePortable(product); // Enable ASAR support bootstrap.enableASARSupport(); -// Enable sandbox globally unless disabled via `--no-sandbox` argument const args = parseCLIArgs(); -if (args['sandbox']) { +// Configure static command line arguments +const argvConfig = configureCommandlineSwitchesSync(args); +// Enable sandbox globally unless disabled via `--no-sandbox` argument +// or if `disable-chromium-sandbox: true` is set in argv.json. +if (args['sandbox'] && !argvConfig['disable-chromium-sandbox']) { app.enableSandbox(); } @@ -52,9 +55,6 @@ app.setPath('userData', userDataPath); // Resolve code cache path const codeCachePath = getCodeCachePath(); -// Configure static command line arguments -const argvConfig = configureCommandlineSwitchesSync(args); - // Disable default menu (https://github.com/electron/electron/issues/35512) Menu.setApplicationMenu(null); @@ -190,7 +190,10 @@ function configureCommandlineSwitchesSync(cliArgs) { 'disable-hardware-acceleration', // override for the color profile to use - 'force-color-profile' + 'force-color-profile', + + // disable chromium sandbox + 'disable-chromium-sandbox', ]; if (process.platform === 'linux') { @@ -228,6 +231,9 @@ function configureCommandlineSwitchesSync(cliArgs) { else if (argvValue === true || argvValue === 'true') { if (argvKey === 'disable-hardware-acceleration') { app.disableHardwareAcceleration(); // needs to be called explicitly + } else if (argvKey === 'disable-chromium-sandbox') { + app.commandLine.appendSwitch('no-sandbox'); + app.commandLine.appendSwitch('disable-gpu-sandbox'); } else { app.commandLine.appendSwitch(argvKey); } diff --git a/src/vs/workbench/electron-sandbox/desktop.contribution.ts b/src/vs/workbench/electron-sandbox/desktop.contribution.ts index aeadc7c64c235..108a13bdfb1f7 100644 --- a/src/vs/workbench/electron-sandbox/desktop.contribution.ts +++ b/src/vs/workbench/electron-sandbox/desktop.contribution.ts @@ -345,6 +345,10 @@ import { applicationConfigurationNodeBase } from 'vs/workbench/common/configurat 'log-level': { type: ['string', 'array'], description: localize('argv.logLevel', "Log level to use. Default is 'info'. Allowed values are 'error', 'warn', 'info', 'debug', 'trace', 'off'.") + }, + 'disable-chromium-sandbox': { + type: 'boolean', + description: localize('argv.disableChromiumSandbox', "Disables the Chromium sandbox. This is useful when running VS Code as elevated on Linux and running under Applocker on Windows.") } } };