element-hq
macOS sandbox
Your use case
What would you like to do?
Enable macOS app sandbox.
Why would you like to do it?
It states here that the macOS app sandbox is not enabled due to the electron-builder issue. But it was fixed more than 4 years ago. Enabling the sandbox will reduce harm from vulnerabilities such as GHSA-mjrg-9f8r-h3m7.
How would you like to achieve it?
Enable com.apple.security.app-sandbox entitlement.
Have you considered any alternatives?
No response
Additional context
No response
https://www.electronjs.org/docs/latest/tutorial/mac-app-store-submission-guide#limitations-of-mas-build implies that enabling app sandboxing breaks a few things including crashReporter and more critically autoUpdater. If that is the case then the sandboxing would be blocked by https://github.com/element-hq/element-desktop/issues/655
https://www.electronjs.org/docs/latest/tutorial/mac-app-store-submission-guide#limitations-of-mas-build implies that enabling app sandboxing breaks a few things including crashReporter and more critically autoUpdater. If that is the case then the sandboxing would be blocked by #655
But also #655 would be blocked by this. You can provide two versions, one unsandboxed with auto-updates and one sandboxed from the Mac App Store.
We don't have plans or resources to ship, test, and maintain two different releases. So it'd be one or the other.
We don't have plans or resources to ship, test, and maintain two different releases. So it'd be one or the other.
Then how will existing installations be converted to the sandboxed version? They will have to manually reinstall from the Mac App Store.
Yes, there could be a final update which features a guide on how to transition if the management decide that we wish to move to MAS.