Chromium Code Reviews

Side by Side Diff: docs/linux_suid_sandbox.md

Issue 1877013002: Update Linux build docs to remove GYP references. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 8 months ago
OLD | NEW
1 # Linux `SUID` Sandbox 1 # Linux `SUID` Sandbox
2 2
3 With [r20110](https://crrev.com/20110), Chromium on Linux can now sandbox its 3 With [r20110](https://crrev.com/20110), Chromium on Linux can now sandbox its
4 renderers using a `SUID` helper binary. This is one of 4 renderers using a `SUID` helper binary. This is one of
5 [our layer-1 sandboxing solutions](linux_sandboxing.md). 5 [our layer-1 sandboxing solutions](linux_sandboxing.md).
6 6
7 ## `SUID` helper executable 7 ## `SUID` helper executable
8 8
9 *TODO This section seems to be out-of-date as `linux_sandbox_path` does not
10 exist in the build. Please fix if you know about this!*
Dirk Pranke 2016/04/11 21:51:07 The setuid sandbox is almost, but not completely g
11
9 The `SUID` helper binary is called `chrome_sandbox` and you must build it 12 The `SUID` helper binary is called `chrome_sandbox` and you must build it
10 separately from the main 'chrome' target. To use this sandbox, you have to 13 separately from the main 'chrome' target. To use this sandbox, you have to
11 specify its path in the `linux_sandbox_path` GYP variable. When spawning the 14 specify its path in the `linux_sandbox_path` GYP variable. When spawning the
12 [zygote process](linux_zygote.md), if the `SUID` sandbox is enabled, Chromium 15 [zygote process](linux_zygote.md), if the `SUID` sandbox is enabled, Chromium
13 will check for the sandbox binary at the location specified by 16 will check for the sandbox binary at the location specified by
14 `linux_sandbox_path`. For Google Chrome, this is set to 17 `linux_sandbox_path`. For Google Chrome, this is set to
15 `/opt/google/chrome/chrome-sandbox`, and early version had this value hard coded 18 `/opt/google/chrome/chrome-sandbox`, and early version had this value hard coded
16 in `chrome/browser/zygote_host_linux.cc`. 19 in `chrome/browser/zygote_host_linux.cc`.
17 20
18 21
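Review bot: The TODO added at new lines 9-10 leaves the paragraph at new lines 12-19 still telling readers to specify the path in the `linux_sandbox_path` GYP variable, so a change titled "remove GYP references" keeps one here and the section now contradicts its own note. Consider rewriting that paragraph in this patch to say how the `chrome_sandbox` path is actually supplied now, or, if that is not yet known, give the TODO an owner or bug reference so it can be tracked; "Please fix if you know about this!" has no one assigned to it.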
(...skipping 102 matching lines...)
121 `/opt/google/chrome/chrome`. This string is hard coded 124 `/opt/google/chrome/chrome`. This string is hard coded
122 (`sandbox/linux/suid/sandbox.cc`). If your package is going to place the 125 (`sandbox/linux/suid/sandbox.cc`). If your package is going to place the
123 Chromium binary somewhere else you need to modify this string. 126 Chromium binary somewhere else you need to modify this string.
124 127
125 ## See also 128 ## See also
126 129
127 * [LinuxSUIDSandboxDevelopment](linux_suid_sandbox_development.md) 130 * [LinuxSUIDSandboxDevelopment](linux_suid_sandbox_development.md)
128 * [LinuxSandboxing](linux_sandboxing.md) 131 * [LinuxSandboxing](linux_sandboxing.md)
129 * General information on Chromium sandboxing: 132 * General information on Chromium sandboxing:
130 http://dev.chromium.org/developers/design-documents/sandbox 133 http://dev.chromium.org/developers/design-documents/sandbox