OLD | NEW |
1 # Linux `SUID` Sandbox | 1 # Linux `SUID` Sandbox |
2 | 2 |
| 3 *IMPORTANT NOTE: The Linux SUID sandbox is almost but not completely removed. |
| 4 See https://bugs.chromium.org/p/chromium/issues/detail?id=598454 |
| 5 This page is mostly out-of-date.* |
| 6 |
3 With [r20110](https://crrev.com/20110), Chromium on Linux can now sandbox its | 7 With [r20110](https://crrev.com/20110), Chromium on Linux can now sandbox its |
4 renderers using a `SUID` helper binary. This is one of | 8 renderers using a `SUID` helper binary. This is one of |
5 [our layer-1 sandboxing solutions](linux_sandboxing.md). | 9 [our layer-1 sandboxing solutions](linux_sandboxing.md). |
6 | 10 |
7 ## `SUID` helper executable | 11 ## `SUID` helper executable |
8 | 12 |
9 The `SUID` helper binary is called `chrome_sandbox` and you must build it | 13 The `SUID` helper binary is called `chrome_sandbox` and you must build it |
10 separately from the main 'chrome' target. To use this sandbox, you have to | 14 separately from the main 'chrome' target. To use this sandbox, you have to |
11 specify its path in the `linux_sandbox_path` GYP variable. When spawning the | 15 specify its path in the `linux_sandbox_path` GYP variable. When spawning the |
12 [zygote process](linux_zygote.md), if the `SUID` sandbox is enabled, Chromium | 16 [zygote process](linux_zygote.md), if the `SUID` sandbox is enabled, Chromium |
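Review bot: The note added at NEW lines 3-5 calls the page "mostly out-of-date" but does not say which parts still apply, while the unchanged text directly below it still reads "can now sandbox its renderers using a `SUID` helper binary" and still tells the reader to build `chrome_sandbox` and set `linux_sandbox_path`. Consider naming the sections that remain accurate (or marking the stale ones) so that someone packaging Chromium can tell whether the setuid helper instructions are still meant to be followed. As a style point, the bug reference is a bare URL inside the italic span; the rest of the page uses markdown links such as `[r20110](https://crrev.com/20110)`, and the same form would read better here.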
(...skipping 108 matching lines...)
121 `/opt/google/chrome/chrome`. This string is hard coded | 125 `/opt/google/chrome/chrome`. This string is hard coded |
122 (`sandbox/linux/suid/sandbox.cc`). If your package is going to place the | 126 (`sandbox/linux/suid/sandbox.cc`). If your package is going to place the |
123 Chromium binary somewhere else you need to modify this string. | 127 Chromium binary somewhere else you need to modify this string. |
124 | 128 |
125 ## See also | 129 ## See also |
126 | 130 |
127 * [LinuxSUIDSandboxDevelopment](linux_suid_sandbox_development.md) | 131 * [LinuxSUIDSandboxDevelopment](linux_suid_sandbox_development.md) |
128 * [LinuxSandboxing](linux_sandboxing.md) | 132 * [LinuxSandboxing](linux_sandboxing.md) |
129 * General information on Chromium sandboxing: | 133 * General information on Chromium sandboxing: |
130 http://dev.chromium.org/developers/design-documents/sandbox | 134 http://dev.chromium.org/developers/design-documents/sandbox |