fix(browser): drop redundant setuid sandbox flag · openclaw/openclaw@2483d1d
steipete · 2026-04-25 · via Recent Commits to openclaw:main
extensions/browser/src/browser
| Original file line number | Diff line number | Diff line change |
|---|
@@ -20,6 +20,7 @@ Docs: https://docs.openclaw.ai
|
20 | 20 | - Telegram: remove the startup persisted-offset `getUpdates` preflight so polling restarts do not self-conflict before the runner starts. Fixes #69304. (#69779) Thanks @chinar-amrutkar. |
21 | 21 | - Browser/Playwright: ignore benign already-handled route races during guarded navigation so browser-page tasks no longer fail when Playwright tears down a route mid-flight. (#68708) Thanks @Steady-ai. |
22 | 22 | - Browser/downloads: seed managed Chrome profiles with OpenClaw download prefs and capture unmanaged click-triggered downloads under the guarded downloads directory, while explicit download waiters still own their target file. (#64558) Thanks @Pearcekieser. |
| 23 | +- Browser/Chrome: stop passing redundant `--disable-setuid-sandbox` when `browser.noSandbox` is enabled; `--no-sandbox` remains the effective sandbox opt-out. (#67939) Thanks @sebykrueger. |
23 | 24 | - Browser/aria snapshots: bind `format=aria` `axN` refs to live DOM nodes through backend DOM ids when Playwright is available, so follow-up browser actions can use those refs without timing out. (#62434) Thanks @MrKipler. |
24 | 25 | - Telegram: prevent duplicate in-process long pollers for the same bot token and add clearer `getUpdates` conflict diagnostics for external duplicate pollers. Fixes #56230. |
25 | 26 | - Browser/Linux: detect Chromium-based installs under `/opt/google`, `/opt/brave.com`, `/usr/lib/chromium`, and `/usr/lib/chromium-browser` before asking users to set `browser.executablePath`. (#48563) Thanks @lupuletic. |
|
| Original file line number | Diff line number | Diff line change |
|---|
@@ -881,7 +881,7 @@ noVNC observer access uses VNC auth by default and OpenClaw emits a short-lived
|
881 | 881 | - `--renderer-process-limit=2` can be changed with |
882 | 882 | `OPENCLAW_BROWSER_RENDERER_PROCESS_LIMIT=<N>`; set `0` to use Chromium's |
883 | 883 | default process limit. |
884 | | -- plus `--no-sandbox` and `--disable-setuid-sandbox` when `noSandbox` is enabled. |
| 884 | +- plus `--no-sandbox` when `noSandbox` is enabled. |
885 | 885 | - Defaults are the container image baseline; use a custom browser image with a custom |
886 | 886 | entrypoint to change container defaults. |
887 | 887 | |
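Review bot: The new line 884 names the setting `noSandbox`, while the changelog entry in this same commit calls it `browser.noSandbox`. If both refer to one config key, use the full key here so readers can search for it; if this section documents a different setting, say which one.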
|
| Original file line number | Diff line number | Diff line change |
|---|
@@ -393,7 +393,7 @@ for containerized workloads. Current container defaults include:
|
393 | 393 | - `--no-zygote` |
394 | 394 | - `--metrics-recording-only` |
395 | 395 | - `--renderer-process-limit=2` |
396 | | -- `--no-sandbox` and `--disable-setuid-sandbox` when `noSandbox` is enabled. |
| 396 | +- `--no-sandbox` when `noSandbox` is enabled. |
397 | 397 | - The three graphics hardening flags (`--disable-3d-apis`, |
398 | 398 | `--disable-software-rasterizer`, `--disable-gpu`) are optional and are useful |
399 | 399 | when containers lack GPU support. Set `OPENCLAW_BROWSER_DISABLE_GRAPHICS_FLAGS=0` |
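Review bot: Line 396 lists `--no-sandbox` directly above the "graphics hardening flags" item without saying what enabling it costs. The changelog for this commit describes `--no-sandbox` as the effective sandbox opt-out, so add a clause here stating that `noSandbox` turns Chromium's sandbox off and that, for these containerized workloads, the container is then what isolates the browser.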
|
| Original file line number | Diff line number | Diff line change |
|---|
@@ -210,7 +210,7 @@ describe("chrome.ts internal", () => {
|
210 | 210 | userDataDir: "/tmp/foo", |
211 | 211 | }); |
212 | 212 | expect(args).toContain("--no-sandbox"); |
213 | | -expect(args).toContain("--disable-setuid-sandbox"); |
| 213 | +expect(args).not.toContain("--disable-setuid-sandbox"); |
214 | 214 | }); |
215 | 215 | |
216 | 216 | it("adds --disable-dev-shm-usage on linux", () => { |
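Review bot: The negated assertion at line 213 only pins the path where `--no-sandbox` is expected. Consider a companion case with `noSandbox` off that asserts `args` contains neither `--no-sandbox` nor `--disable-setuid-sandbox`, unless another test in this file already covers it, so a sandbox opt-out flag cannot slip into the default launch arguments unnoticed.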
|
| Original file line number | Diff line number | Diff line change |
|---|
@@ -245,7 +245,6 @@ export function buildOpenClawChromeLaunchArgs(params: {
|
245 | 245 | } |
246 | 246 | if (resolved.noSandbox) { |
247 | 247 | args.push("--no-sandbox"); |
248 | | -args.push("--disable-setuid-sandbox"); |
249 | 248 | } |
250 | 249 | if (process.platform === "linux") { |
251 | 250 | args.push("--disable-dev-shm-usage"); |
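Review bot: After this removal the `if (resolved.noSandbox)` block at new lines 246-248 gives no hint that `--disable-setuid-sandbox` was left out on purpose. A one-line comment there, for example that `--no-sandbox` already opts out of the sandbox and the setuid flag is redundant, would keep it from being re-added later.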
|