search

element-hq / element-desktop

A glossy Matrix collaboration client for desktop.
https://element.io
Apache License 2.0
1.08k stars 240 forks source link

macOS sandbox #1728

Open appleisshit opened 1 week ago

appleisshit commented 1 week ago

Your use case

What would you like to do?

Enable macOS app sandbox.

Why would you like to do it?

It states here that the macOS app sandbox is not enabled due to the electron-builder issue. But it was fixed more than 4 years ago. Enabling the sandbox will reduce harm from vulnerabilities such as GHSA-mjrg-9f8r-h3m7.

How would you like to achieve it?

Enable com.apple.security.app-sandbox entitlement.

Have you considered any alternatives?

No response

Additional context

No response

t3chguy commented 1 week ago

https://www.electronjs.org/docs/latest/tutorial/mac-app-store-submission-guide#limitations-of-mas-build implies that enabling app sandboxing breaks a few things including crashReporter and more critically autoUpdater. If that is the case then the sandboxing would be blocked by https://github.com/element-hq/element-desktop/issues/655