FreeTubeApp / FreeTube

An Open Source YouTube app for privacy
https://freetubeapp.io/
GNU Affero General Public License v3.0

[Feature Request]: Enable the electron sandbox #5740

Closed odomingao closed 6 days ago

odomingao commented 6 days ago


Problem Description

Launching freetube with --enable-sandbox results in a white screen

Proposed Solution

I'd like freetube to support enabling the electron sandbox, for improved security

Alternatives Considered

If enabling the sandbox isn't possible, please consider disabling the sandbox checks on startup (if that's possible with electron), so that the program can be further restricted via MAC policies.

If the sys_admin capability is denied, you get:

FATAL:setuid_sandbox_host.cc(158)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /opt/FreeTube/chrome-sandbox is owned by root and has mode 4755. [5:0100/000000.385471:ERROR:zygote_linux.cc(673)] write: Broken pipe (32)

Issue Labels

improvement to existing feature

Additional Information

No response

absidue commented 6 days ago

As hinted at by the error message, even if starting with the sandbox argument worked (we would need to change a load of stuff to disable node integration in the renderer, and at the moment we have higher priority things to work on), you would need to leave the permissions in place, otherwise the sandbox wouldn't work, because it needs to be able to set up the OS level sandbox.

Basically the sandbox is already enabled, which is why you get the error when you remove the permissions required for the sandbox. FreeTube just doesn't enable it on the renderer level because it's incompatible with node integration in the renderer, so by passing the flag you force enabling it in the renderer too and break stuff, which is why the windows don't work.

odomingao commented 6 days ago

Thanks for the clarification. Yeah, I also just noticed that manually passing --no-sandbox to the binary allows it to work without that capability.

So, if I understand correctly, freetube is sandboxed from the rest of the system, but the renderer process isn't isolated from the rest of the program's processes (but still isolated from the rest of the system)?

absidue commented 6 days ago

That's how I understand the Electron docs, yes. As the "website" that FreeTube loads and displays is stored on your computer and it only makes API requests and fetches media remotely, you would probably have to go out of your way to have a problem (e.g. set up a malicious Invidious instance and connect to it, or paste dodgy code into the devtools, or force it to load pages that it would never usually load). I'm not saying it's the most secure app on the planet, but it's probably lower risk than you would have loading random websites in your web browser. FreeTube is maintained by a few volunteers in their spare time, who have to spread their limited time across working around YouTube breakages, keeping up with other changes on YouTube's side, fixing other bugs, implementing features, keeping up with dependency updates, doing performance improvements and then doing security improvements.

odomingao commented 6 days ago

Got it. Thank you for the replies and, of course, for working on the project.