From 0827b87cbb551e211308afb917f1392392963a06 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9s=20Rodr=C3=ADguez?= Date: Wed, 8 Jan 2020 16:24:38 -0300 Subject: [PATCH] Re-add --no-sandbox flag when user namespaces are off --- .SRCINFO | 4 ++-- PKGBUILD | 4 ++-- brave-bin.sh | 7 ++++++- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/.SRCINFO b/.SRCINFO index 090a5b2..007a7b7 100644 --- a/.SRCINFO +++ b/.SRCINFO @@ -1,7 +1,7 @@ pkgbase = brave-bin pkgdesc = Web browser that blocks ads and trackers by default (binary release). pkgver = 1.2.42 - pkgrel = 1 + pkgrel = 2 epoch = 1 url = https://brave.com/download arch = x86_64 @@ -26,7 +26,7 @@ pkgbase = brave-bin source = brave-browser.desktop source = logo.png sha512sums = 139cb2d216f263d89824bb83f53d19dd6a646b9597707067808402a339ceaa168f574cd2b1c1fc62a579ec8b588da4604f1477c33bbedb73e5def427ca80bbc9 - sha512sums = af4c5ea43ebbff6fce305097aa184cc33d41d05a7d2b9ee873e22d215d488e56f7040572f66a2e355fa63442600808f973438ed763db5022435a3f1d66751e99 + sha512sums = 2e80e926bba79830cb0e6780d028edfc7a80b5fe81880224c1e2c31329353081f9970ba8755f9003b106a3247b26861f80a3e3ac8731e0bf3c5d515eecca60eb sha512sums = c21aecaafec43bc1ce1ea3439667efb4c7ea5e54bfa87346a9ae9650de1e90c80174b1610a9216f936f693593816c9585c6be1875b3bd318d067079c06251e92 sha512sums = d7bef52e336bd908d24bf3a084a1fc480831d27a3c80af4c31872465b6a0ce39bdf298e620ae9865526c974465807559cc75610b835e60b4358f65a8a8ff159e diff --git a/PKGBUILD b/PKGBUILD index 7564e98..87cd6bd 100644 --- a/PKGBUILD +++ b/PKGBUILD @@ -9,7 +9,7 @@ pkgname=brave-bin pkgver=1.2.42 -pkgrel=1 +pkgrel=2 epoch=1 pkgdesc="Web browser that blocks ads and trackers by default (binary release)." arch=("x86_64") @@ -27,7 +27,7 @@ source=("$pkgname-$pkgver.zip::https://github.com/brave/brave-browser/releases/d "logo.png") options=(!strip) sha512sums=("139cb2d216f263d89824bb83f53d19dd6a646b9597707067808402a339ceaa168f574cd2b1c1fc62a579ec8b588da4604f1477c33bbedb73e5def427ca80bbc9" - "af4c5ea43ebbff6fce305097aa184cc33d41d05a7d2b9ee873e22d215d488e56f7040572f66a2e355fa63442600808f973438ed763db5022435a3f1d66751e99" + "2e80e926bba79830cb0e6780d028edfc7a80b5fe81880224c1e2c31329353081f9970ba8755f9003b106a3247b26861f80a3e3ac8731e0bf3c5d515eecca60eb" "c21aecaafec43bc1ce1ea3439667efb4c7ea5e54bfa87346a9ae9650de1e90c80174b1610a9216f936f693593816c9585c6be1875b3bd318d067079c06251e92" "d7bef52e336bd908d24bf3a084a1fc480831d27a3c80af4c31872465b6a0ce39bdf298e620ae9865526c974465807559cc75610b835e60b4358f65a8a8ff159e") noextract=("$pkgname-$pkgver.zip") diff --git a/brave-bin.sh b/brave-bin.sh index 65a0fbe..641135b 100644 --- a/brave-bin.sh +++ b/brave-bin.sh @@ -8,6 +8,11 @@ if [[ -f $USER_FLAGS_FILE ]]; then USER_FLAGS="$(cat $USER_FLAGS_FILE | sed 's/#.*//')" fi +if [[ ! (-r /proc/sys/kernel/unprivileged_userns_clone && $(< /proc/sys/kernel/unprivileged_userns_clone) == 1 && -n $(zcat /proc/config.gz | grep CONFIG_USER_NS=y) ) ]]; then + >&2 echo "User namespaces are not detected as enabled on your system, Brave will run with the sandbox disabled" + SANDBOX_FLAG="--no-sandbox" +fi + BRAVE_PEPPER_FLASH_SO=${BRAVE_PEPPER_FLASH_SO:-/usr/lib/PepperFlash/libpepflashplayer.so} if [[ -f $BRAVE_PEPPER_FLASH_SO && $BRAVE_USE_FLASH_IF_AVAILABLE == "true" ]]; then BRAVE_PEPPER_FLASH_VERSION=${BRAVE_PEPPER_FLASH_VERSION:-$(LANG=C pacman -Qi pepper-flash | grep Version | sed 's/.*: //; s/\-[^-]*$//')} @@ -19,4 +24,4 @@ fi # GH Issue: https://github.com/brave/brave-browser/issues/4142 # NOTE: Replace with an exec call once we don't have to work around # this bug by having the browser be a subprocess of this script -/usr/lib/brave-bin/brave "$@" $PEPPER_FLASH_FLAG $USER_FLAGS || true +/usr/lib/brave-bin/brave "$@" $SANDBOX_FLAG $PEPPER_FLASH_FLAG $USER_FLAGS || true