
codedokode, yesterday at 7:45 PM (3 replies)

Note that VS Code is built on Electron and it is a pain to sandbox because Electron has (had?) a SUID sandbox helper, and you cannot run SUID binaries in a sandbox easily. Sandboxing on Linux is an extremely difficult task.
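
A host-side check for the situation this comment describes, added here and not part of the thread: Chromium-based apps such as Electron can sandbox renderers either through unprivileged user namespaces or through the setuid helper (`chrome-sandbox`, root-owned, mode 4755), and the helper is neutralised on a `nosuid` mount or under `no_new_privs`. The helper path is an assumed placeholder; the probes rely on util-linux `unshare`/`findmnt` and GNU `stat`.

```shell
#!/bin/sh
# Added example, not from the thread: probe which Chromium/Electron sandbox
# mode a Linux host can use. Chromium needs EITHER unprivileged user
# namespaces OR its setuid helper (chrome-sandbox, root-owned, mode 4755),
# and the helper is useless on a nosuid mount or under no_new_privs.
# The helper path in main() is an assumed placeholder.

# Print a sysctl-style file's value, or "unknown" if it is not present.
read_sys() { if [ -r "$1" ]; then tr -d '[:space:]' < "$1"; else echo unknown; fi; }

# Classify a helper from its octal mode and owner uid (as `stat -c '%a %u'`
# prints them). Pure function, so it is testable without a real binary.
classify_helper() {
  if [ $(( 0$1 & 2048 )) -eq 0 ]; then echo not-suid      # 2048 = 04000, the setuid bit
  elif [ "$2" -ne 0 ]; then echo suid-non-root
  else echo suid-root; fi
}

# Combine the evidence into a verdict.
# Args: userns(yes/no) helper-class nosuid(yes/no) NoNewPrivs(0/1).
sandbox_verdict() {
  if [ "$1" = yes ]; then echo namespace-sandbox
  elif [ "$2" = suid-root ] && [ "$3" = no ] && [ "$4" = 0 ]; then echo setuid-sandbox
  else echo no-sandbox-available; fi
}

# Can an unprivileged user create a user namespace? (util-linux unshare)
probe_userns() { if unshare -Ur true 2>/dev/null; then echo yes; else echo no; fi; }

probe_helper() {
  if [ -e "$1" ]; then classify_helper $(stat -c '%a %u' "$1"); else echo missing; fi
}

# Is the filesystem holding $1 mounted nosuid? (the setuid bit is ignored there)
probe_nosuid() {
  case ",$(findmnt -n -o OPTIONS -T "$1" 2>/dev/null)," in
    *,nosuid,*) echo yes ;; *) echo no ;;
  esac
}

# NoNewPrivs=1 (set by many container runtimes) also neutralises setuid.
probe_nnp() { awk '/^NoNewPrivs:/ { print $2 }' /proc/self/status 2>/dev/null; }

main() {
  helper=${1:-/opt/example-electron-app/chrome-sandbox}   # assumed placeholder path
  echo "kernel.unprivileged_userns_clone: $(read_sys /proc/sys/kernel/unprivileged_userns_clone)"
  echo "user.max_user_namespaces:         $(read_sys /proc/sys/user/max_user_namespaces)"
  u=$(probe_userns); h=$(probe_helper "$helper"); n=$(probe_nosuid "$helper"); p=$(probe_nnp)
  echo "userns=$u helper=$h nosuid=$n nnp=${p:-unknown}"
  echo "verdict: $(sandbox_verdict "$u" "$h" "$n" "${p:-unknown}")"
}
main "$@"
```

Run it with the real helper path as the first argument; `no-sandbox-available` is the state in which Electron refuses to start sandboxed.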


Replies

jandrese, yesterday at 7:55 PM

It feels so bad to see the "You need to give Chrome SUID root for the sandbox to work". Setting a web browser SUID root was an old joke about clueless users. It was the worst security screwup someone could imagine.

NewJazz, yesterday at 9:52 PM

Don't build your IDE on Electron then.

duped, yesterday at 8:27 PM

podman seems to handle rootless namespaces just fine; minor caveat of some perf overhead, but it's not the end of the world.
