Chromium Code Reviews

Side by Side Diff: docs/linux_suid_sandbox.md

Issue 1506233004: Fix link to Zygote process documentation. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years ago
OLDNEW
1 # Linux `SUID` Sandbox 1 # Linux `SUID` Sandbox
2 2
3 With [r20110](https://crrev.com/20110), Chromium on Linux can now sandbox its 3 With [r20110](https://crrev.com/20110), Chromium on Linux can now sandbox its
4 renderers using a `SUID` helper binary. This is one of 4 renderers using a `SUID` helper binary. This is one of
5 [our layer-1 sandboxing solutions](linux_sandboxing.md). 5 [our layer-1 sandboxing solutions](linux_sandboxing.md).
6 6
7 ## `SUID` helper executable 7 ## `SUID` helper executable
8 8
9 The `SUID` helper binary is called `chrome_sandbox` and you must build it 9 The `SUID` helper binary is called `chrome_sandbox` and you must build it
10 separately from the main 'chrome' target. To use this sandbox, you have to 10 separately from the main 'chrome' target. To use this sandbox, you have to
11 specify its path in the `linux_sandbox_path` GYP variable. When spawning the 11 specify its path in the `linux_sandbox_path` GYP variable. When spawning the
12 [zygote process](linux_zygote/md), if the `SUID` sandbox is enabled, Chromium 12 [zygote process](linux_zygote.md), if the `SUID` sandbox is enabled, Chromium
13 will check for the sandbox binary at the location specified by 13 will check for the sandbox binary at the location specified by
14 `linux_sandbox_path`. For Google Chrome, this is set to 14 `linux_sandbox_path`. For Google Chrome, this is set to
15 `/opt/google/chrome/chrome-sandbox`, and early version had this value hard coded 15 `/opt/google/chrome/chrome-sandbox`, and early version had this value hard coded
16 in `chrome/browser/zygote_host_linux.cc`. 16 in `chrome/browser/zygote_host_linux.cc`.
17 17
18 18
19 In order for the sandbox to be used, the following conditions must be met: 19 In order for the sandbox to be used, the following conditions must be met:
20 20
21 * The sandbox binary must be executable by the Chromium process. 21 * The sandbox binary must be executable by the Chromium process.
22 * It must be `SUID` and executable by other. 22 * It must be `SUID` and executable by other.
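Review bot: new line 15, in the paragraph this patch edits, still reads "early version had this value hard coded"; it should be "early versions had this value hard-coded", and lines 17-18 leave two consecutive blank lines before the conditions list. Both are worth fixing in this change since the paragraph is already being touched. The link correction on line 12 (`linux_zygote/md` to `linux_zygote.md`) now matches the relative `.md` form used for `linux_sandboxing.md` on line 5.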
(...skipping 98 matching lines...)
121 `/opt/google/chrome/chrome`. This string is hard coded 121 `/opt/google/chrome/chrome`. This string is hard coded
122 (`sandbox/linux/suid/sandbox.cc`). If your package is going to place the 122 (`sandbox/linux/suid/sandbox.cc`). If your package is going to place the
123 Chromium binary somewhere else you need to modify this string. 123 Chromium binary somewhere else you need to modify this string.
124 124
125 ## See also 125 ## See also
126 126
127 * [LinuxSUIDSandboxDevelopment](linux_suid_sandbox_development.md) 127 * [LinuxSUIDSandboxDevelopment](linux_suid_sandbox_development.md)
128 * [LinuxSandboxing](linux_sandboxing.md) 128 * [LinuxSandboxing](linux_sandboxing.md)
129 * General information on Chromium sandboxing: 129 * General information on Chromium sandboxing:
130 http://dev.chromium.org/developers/design-documents/sandbox 130 http://dev.chromium.org/developers/design-documents/sandbox
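Review bot: line 130 of the See also list gives the design-document reference as a bare `http://` URL on a continuation line, while lines 127 and 128 use Markdown link syntax. Since this patch is a link cleanup, consider wrapping it as a Markdown link in the same form as the two entries above. Line 123 would also read better with a comma after "somewhere else".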