From 058e00888c406e9ea1e7187ff65c9406a0032b3a Mon Sep 17 00:00:00 2001 From: Matthias Date: Tue, 6 Aug 2024 23:55:14 +0200 Subject: [PATCH] add chwon chrome-sandbox to postinst script --- scripts/extend-deb-postinst.mjs | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/scripts/extend-deb-postinst.mjs b/scripts/extend-deb-postinst.mjs index 5df33130..f9d3b856 100644 --- a/scripts/extend-deb-postinst.mjs +++ b/scripts/extend-deb-postinst.mjs @@ -32,7 +32,7 @@ console.log('.deb file unpacked.'); const posinstPath = `${unpackDirectory}/DEBIAN/postinst`; const postinstScript = fs.readFileSync(posinstPath, 'utf-8'); const postinstScriptModified = postinstScript.replace( - "chrome-sandbox' || true", + '# SUID chrome-sandbox for Electron 5+', `chrome-sandbox' || true if [ -e /etc/lsb-release ]; then @@ -48,6 +48,9 @@ if [ -e /etc/lsb-release ]; then if [ $release_version == "24.04" ]; then + # chown the sandbox on Ubuntu 24.04 + chown '/opt/${productName}/chrome-sandbox' || true + # add AppArmor profile on Ubuntu 24.04 profile_content="# This profile allows everything and only exists to give the # application a name instead of having the label "unconfined" @@ -64,9 +67,13 @@ profile ${appId} '/opt/${productName}/${appId}' flags=(unconfined) { echo "$profile_content" > /etc/apparmor.d/${appId} + systemctl reload apparmor.service + fi fi + +# SUID chrome-sandbox for Electron 5+ `, );
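Review bot: In the `@@ -32,7 +32,7 @@` hunk the replacement template still opens with `chrome-sandbox' || true`, which only made sense while that text was the search string being restored. With the new anchor `'# SUID chrome-sandbox for Electron 5+'` it is emitted as a stray line with an unbalanced single quote, into a postinst script that runs as root at install time; the template should start directly at `if [ -e /etc/lsb-release ]; then`. Separately, `replace` with a string pattern returns its input unchanged when the anchor is absent, so the build would ship an unpatched postinst without any error. A guard before the call, such as `if (!postinstScript.includes('# SUID chrome-sandbox for Electron 5+')) throw new Error('postinst anchor not found');`, would catch that. The `replace(...)` call continues past the end of this hunk.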
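Review bot: The added `chown '/opt/${productName}/chrome-sandbox' || true` in the `@@ -48,6 +48,9 @@` hunk passes no owner, so chown fails with a missing-operand error and `|| true` hides it; the ownership of the setuid helper is never changed. If root ownership is the intent (inferred from the `# SUID` comment), the line should read `chown root:root '/opt/${productName}/chrome-sandbox' || true`. A comment stating that this has to run before the setuid chmod would also help, since Linux clears the setuid bit of an executable when its owner is changed. The enclosing `if` block starts before and ends after this hunk.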
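Review bot: `systemctl reload apparmor.service` in the `@@ -64,9 +67,13 @@` hunk has no failure guard, unlike the added chown, and it assumes systemd is running. In a container or chroot install it will fail, and if the postinst runs under `set -e` (not visible here) that aborts package configuration. It also reloads every profile on the host rather than the one just written. Loading only the new file, `apparmor_parser -r "/etc/apparmor.d/${appId}" || true`, would avoid both problems.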