Allow sandbox in subprocess, regardless of browser process

Think CEF could benefit from a new feature or capability? Discuss CEF feature requests here.

Allow sandbox in subprocess, regardless of browser process

Postby Tonygeek » Fri Jan 17, 2020 6:04 pm

My app process, which is also a browser process, on Windows requires /MD flag for MSVC++ compiler.
For various reasons (mostly third party libraries used by my app) I can't afford to link CRT statically.

This means one can't use sandbox because sandbox static library was built with statically linked CRT.

However, I have no such limitation on sub-processes. My sub process app is simple:

Code: Select all
int APIENTRY wWinMain(_In_ HINSTANCE hInstance,
                     _In_opt_ HINSTANCE hPrevInstance,
                     _In_ LPWSTR    lpCmdLine,
                     _In_ int       nCmdShow)
{
    CefMainArgs main_args(hInstance);
    return CefExecuteProcess(main_args, nullptr, nullptr);
}

Per cef_sandbox_win.h:

The sandbox is used to restrict sub-processes (renderer, plugin, GPU, etc) from directly accessing system resources
but then it also states that one must use the same executable for the browser process and all sub-processes.
Tonygeek
Techie
 
Posts: 16
Joined: Mon Jan 13, 2020 7:39 pm

Re: Allow sandbox in subprocess, regardless of browser proce

Postby magreenblatt » Sat Jan 18, 2020 1:35 am

This is a limitation of the Chromium sandbox implementation on Windows and not something that we can fix in CEF.
magreenblatt
Site Admin
 
Posts: 12382
Joined: Fri May 29, 2009 6:57 pm


Return to Feature Request Forum

Who is online

Users browsing this forum: No registered users and 16 guests