Closed mikeal closed 4 years ago
rvagg
commented
5 years ago I can't find docs on the sandbox, what does it prevent? Is there a risk of presenting a false browser environment for tests that won't exist in a real browser? Should I make this an opt-in thing or does it make sense for it to be universal.
mikeal
commented
5 years ago I was incorrect about it changing browser features, I was confusing it with another flag. It’s strictly about running as root, it’s about protecting the host environment from the browser process. Note that even with this flag there’s still a setuid sandbox, so the test will still run in a sandbox that talks to the main thread running as root.
If you want to move it to a flag that’s fine, but it’s fairly common to run docker containers as root since they are already isolated and this just ads one more flag to remember 🤷♂️
rvagg
commented
4 years ago yeah, those docs make sense, kinda, I still wouldn't mind learning more about the detail of this but it seems reasonable and doesn't sound like it creates an artificial environment, which is my primary concern.
aside though, you still shouldn't run as root in a docker container where you can manage not to
rvagg
commented
4 years ago merged and published
This option makes several features available in the browser and also enables running tests as root in linux environments (which is rather common when you’re running everything in a docker container anyway).