From 2e9f2f1a3fb7259921475ee390befd0c07eead06 Mon Sep 17 00:00:00 2001
From: Dave <dave@blakey.co>
Date: Sun, 29 Mar 2026 18:00:39 +0200
Subject: [PATCH] fix(elevation): disable renderer sandbox when running as root
 on Linux

The --no-sandbox command-line switch only disables the browser/GPU
process sandbox, not the per-renderer sandbox set via webPreferences.
When relaunched as root via pkexec, Chromium's renderer sandbox fails
silently (Linux namespaces don't work under root), leaving a grey
window with no content.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 src/main/index.ts | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/main/index.ts b/src/main/index.ts
index 87fcdaf..7da0b4b 100644
--- a/src/main/index.ts
+++ b/src/main/index.ts
@@ -52,11 +52,12 @@ if (dataDirFlag) {
 // ─── Root detection (macOS + Linux) ─────────────────────────
 // Chromium refuses to run as root without --no-sandbox.  Also required
 // on macOS for clipboard access (paste) in the elevated process.
-if (
+const isRoot =
   (process.platform === 'linux' || process.platform === 'darwin') &&
   typeof process.getuid === 'function' &&
   process.getuid() === 0
-) {
+
+if (isRoot) {
   app.commandLine.appendSwitch('no-sandbox')
 }
 
@@ -319,7 +320,11 @@ function createWindow(): void {
       preload: join(__dirname, '../preload/index.js'),
       contextIsolation: true,
       nodeIntegration: false,
-      sandbox: true
+      // Chromium's renderer sandbox uses Linux namespaces that fail
+      // when running as root (e.g. after pkexec relaunch).  The
+      // --no-sandbox switch only covers the browser/GPU processes;
+      // this flag must also be false to prevent a blank grey window.
+      sandbox: !isRoot
     }
   })