I’ve built a cefsimple-based app on macOS by following the official tutorial: https://bitbucket.org/chromiumembedded/ ... uild-steps
Rendering works fine, but I’ve noticed that while the main/browser process is running with sandbox enabled, all the helper processes (renderer, GPU, etc.) are running with the --no-sandbox flag.
I verified this using:
ps -eo pid,args | grep <process_name>
As per my understanding, sandboxing should be enabled by default for helper processes. I am not passing --no-sandbox anywhere in my code or launch arguments.
My questions:
- Is it expected for helper processes to run with --no-sandbox on macOS with a cefsimple-based app?
- If not, what steps am I missing to ensure helpers run sandboxed?
Do I need to explicitly set CEF_USE_SANDBOX for the helper processes or elsewhere in my project?
Are there any additional entitlements, code-signing, or build settings required to enable sandboxing for helpers on macOS?
Any pointers would be greatly appreciated!
