Adopt utility process for shared process and set `app.enableSandbox()`
This is a follow-up from https://github.com/microsoft/vscode/issues/92164 and covers remaining work to eventually enable sandboxed renderers fully in Electron via `app.enableSandbox()`.
This means that our shared process has to move away from a node.js enabled browser window to the new utility process.
Breaking down the usages today:
- extension management
- settings sync
- profiles
- terminals
- file watcher
Some initial thoughts:
- the shared process should probably just change to be a utility process as a first step
- however, any code that relies on the browser window network stack instead has to leverage Electron's `net` APIs from the `electron-main` process to not lose proxy support - this can probably be done by implementing some kind of `IRequestService` that is backed by a main process service implementation
- any child process has to decide whether it wants to lift up to a utility process off the main process or remain inside the shared process
//cc @alexdima
Issue Analytics
- State:
- Created a year ago
- Reactions:1
- Comments:15 (15 by maintainers)
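
The move described in the issue above, as an added sketch that is not VS Code's code and not part of the original issue: the main process calls `app.enableSandbox()` before `ready`, forks the shared process as a utility process, and brokers a `MessageChannelMain` between it and the sandboxed renderer. `electron` is passed in as a parameter so the wiring can be exercised outside Electron; the file names, channel name and `serviceName` value are assumptions.

```javascript
// Added sketch, not VS Code source. `electron` is injected so the wiring can be
// checked with stand-ins; file, channel and service names are hypothetical.
async function startSandboxedApp(electron, sharedProcessEntry, createWindow) {
  const { app, utilityProcess } = electron;

  // Must be called before 'ready': turns the sandbox on for every renderer.
  app.enableSandbox();
  await app.whenReady();

  // utilityProcess.fork() is only usable after 'ready'. The child has Node.js
  // APIs but is not a BrowserWindow, so no renderer needs Node integration.
  const shared = utilityProcess.fork(sharedProcessEntry, [], {
    serviceName: 'shared-process',
  });

  const win = createWindow();
  // Hand over the port once the page (and its preload script) has loaded.
  win.webContents.once('did-finish-load', () => {
    connectRenderer(electron, shared, win.webContents);
  });
  return { shared, win };
}

// The main process brokers the channel: one end goes to the utility process,
// the other to the sandboxed renderer. Processes spawned by the shared process
// never receive a port, so they have no direct path to the renderer.
function connectRenderer({ MessageChannelMain }, shared, webContents) {
  const { port1, port2 } = new MessageChannelMain();
  shared.postMessage({ type: 'renderer-port' }, [port1]);
  webContents.postMessage('shared-process-port', null, [port2]);
}

// Runs only inside Electron's main process; under plain Node this is skipped.
if (process.versions.electron) {
  const electron = require('electron');
  const path = require('node:path');
  startSandboxedApp(electron, path.join(__dirname, 'sharedProcess.js'), () => {
    const win = new electron.BrowserWindow({
      webPreferences: { preload: path.join(__dirname, 'preload.js') },
    });
    win.loadFile(path.join(__dirname, 'index.html'));
    return win;
  });
}
```
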
Top GitHub Comments
Message port is limited to operating only from the utility process. I would prefer to keep it this way since otherwise we could have untrusted child processes talking directly to the renderer, which serves as a way to break out of the renderer sandbox.
Settings sync is safe to be removed as it does not use any non-sandbox stuff like Node APIs.