-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/20/2011 03:46 AM, GSO wrote:
I've posted over on chromium-discuss
https://groups.google.com/a/chromium.org/group/chromium-discuss/browse_th...
- no reply so far though
The main wiki page on the subject seems to be here...
https://code.google.com/p/chromium/wiki/LinuxSandboxing There seem to
be various sandbox compiling options, might one of these be an option!
Chromium seems to work OK in the sandbox with the --no-sandbox chromium
option, though with the obvious caveats...
https://groups.google.com/group/google-chrome-help-troubleshooting/browse...
On 19 June 2011 17:53, Dominick Grift <domg472(a)gmail.com
<mailto:domg472@gmail.com>> wrote:
On Sun, 2011-06-19 at 13:57 +0100, GSO wrote:
> The default build using the google repos results in chromium
grinding to a
> halt with a black window when run in a sandbox. Is it technically
possible
> to run chrome in a sandbox, would building from source fix this at
all?
I do not think it will work since both sandbox an chrome use namespace
and chrome cant run if sandbox already runs in a namespace (or something
along those lines is my understanding if this issue)
> --
> selinux mailing list
> selinux(a)lists.fedoraproject.org
<mailto:selinux@lists.fedoraproject.org>
>
https://admin.fedoraproject.org/mailman/listinfo/selinux
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
We have been looking into this issue, and are not sure what is causing
the problem. It is definitely related to namespace. If you run in
permissive mode and run
sandbox -X xterm
Then run chrome you will see it complain about the namespace. One issue
we saw was we were removing the Capabilities bounding set and thought
chrome could not get capabilities, but we changed seunshare to not
modify the bounding set, so now we do not believe it is caused by
capabilities.
I believe it is something to do with namespace interaction.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org/
iEYEARECAAYFAk3/K1sACgkQrlYvE4MpobPxMQCg1igF7pCv+AABvuQWGi14SNms
jCAAnR+mBIC0jcYKpTDCFIbkhYMTQ4pB
=yTlP
-----END PGP SIGNATURE-----