[arch-dev-public] Packaging Chromium for [extra]
Thomas Bächler
thomas at archlinux.org
Fri Dec 11 03:21:39 EST 2009
Pierre Schmitz wrote:
> On Friday, 11 December 2009 01:02:34, Thomas Bächler wrote:
>> If you just want chroot, "setcap cap_sys_chroot +ep /usr/bin/whatever"
>> is sufficient.
>
> The point is that it does not work. See
> http://src.chromium.org/svn/releases/4.0.267.0/src/chrome/browser/zygote_host_linux.cc
>
> At least I didn't get it working; but it might be possible. A good starting
> point is http://code.google.com/p/chromium/wiki/LinuxSandboxing
It checks explicitly whether the "sandbox binary" is setuid, which is as
stupid as using a setuid binary in the first place. What does the
"sandbox binary" even do exactly? If you really need setuid for it, it's
certainly a stupid design.