Hi there. I'm using CefSharp v64.0.0 and am trying to use the --enable-appcontainer flag (documented here). However, passing it doesn't seem to do anything. On Win10, the CefSharp.BrowserSubprocess processes are still running with an Integrity Level of Medium (rather than Untrusted or Low). I asked about this on the CefSharp gitter, and was advised to post here and ask whether CEF supports this command line argument.
Thanks,
Ehren
Chromium Embedded Framework Forum
Forum for support and discussion of the Chromium Embedded Framework (CEF)
Visit the CEF Project Site to download CEF and report issues.
Is --enable-appcontainer supported by CEF?
7 posts
• Page 1 of 1
Is --enable-appcontainer supported by CEF?
by Ehren » Wed Aug 08, 2018 12:17 pm
- Ehren
- Newbie
- Posts: 3
- Joined: Wed Aug 08, 2018 11:57 am
Re: Is --enable-appcontainer supported by CEF?
by magreenblatt » Wed Aug 08, 2018 1:01 pm
This flag is implemented in Chromium. Have you tried it with Google Chrome at the same version?
- magreenblatt
- Site Admin
- Posts: 12409
- Joined: Fri May 29, 2009 6:57 pm
Re: Is --enable-appcontainer supported by CEF?
by Ehren » Wed Aug 08, 2018 2:21 pm
magreenblatt wrote:This flag is implemented in Chromium. Have you tried it with Google Chrome at the same version?
Thanks for the reply. No, I haven't. I can tell that my current version of Chrome (v67) is running with this option on by default, since many of the chrome.exe processes have a Low or Untrusted Integrity Level in process explorer. How would I go about testing Google Chrome v64? Google doesn't seem to host old versions of Chrome anywhere I was able to find.
Thanks,
Ehren
- Ehren
- Newbie
- Posts: 3
- Joined: Wed Aug 08, 2018 11:57 am
Re: Is --enable-appcontainer supported by CEF?
by amaitland » Wed Aug 08, 2018 7:05 pm
Sounds like you should test with cefclient.
http://opensource.spotify.com/cefbuilds/index.html
Download the sample application
http://opensource.spotify.com/cefbuilds/index.html
Download the sample application
Maintainer of the CefSharp project.
- amaitland
- Virtuoso
- Posts: 1292
- Joined: Wed Jan 14, 2015 2:35 am
Re: Is --enable-appcontainer supported by CEF?
by Ehren » Thu Aug 09, 2018 3:45 pm
amaitland wrote:Sounds like you should test with cefclient.
Thanks for the link. I downloaded the earliest v64 build of cefclient. I found that, like Chrome on Win10, cefclient.exe enables appcontainers by default. Its child cefclient.exe processes have Integrity Levels of Low and Untrusted. I tried passing the --disable-appcontainer flag (listed on the same command-line argument reference I linked to above), and this had no effect. The child processes still had Low/Untrusted Integrity Levels.
Does this indicate that appcontainer support is something each consumer of CEF has to enable, and is not actually controlled by a CEF-level command-line argument?
Thanks,
Ehren
- Ehren
- Newbie
- Posts: 3
- Joined: Wed Aug 08, 2018 11:57 am
Re: Is --enable-appcontainer supported by CEF?
by magreenblatt » Thu Aug 09, 2018 3:53 pm
Does CefSharp use a separate sub-process executable? If so the sandbox will be disabled (it's not supported in that mode), and that likely explains the difference.
- magreenblatt
- Site Admin
- Posts: 12409
- Joined: Fri May 29, 2009 6:57 pm
Re: Is --enable-appcontainer supported by CEF?
by amaitland » Thu Aug 09, 2018 7:11 pm
Thanks, Marshall. Sandboxing being a requirement makes sense.
Sandboxing is not supported in CefSharp, see viewtopic.php?f=6&t=13781#p29125 for the previous discussion.
Sandboxing is not supported in CefSharp, see viewtopic.php?f=6&t=13781#p29125 for the previous discussion.
Maintainer of the CefSharp project.
- amaitland
- Virtuoso
- Posts: 1292
- Joined: Wed Jan 14, 2015 2:35 am
7 posts
• Page 1 of 1
Who is online
Users browsing this forum: Google [Bot], Majestic-12 [Bot] and 107 guests