[arch-dev-public] Packaging Chromium for [extra]

Thomas Bächler thomas at archlinux.org
Thu Dec 10 19:02:34 EST 2009

Pierre Schmitz schrieb:
> PS: I think I got the sandbox feature working. So don't be afraid of the suid 
> binary. That is needed to chroot each browser tab. (otherwise you'll need 
> selinux or seccomp; the latter didn't really work for me)

If you just want chroot, "setcap cap_sys_chroot +ep /usr/bin/whatever" 
is sufficient. Setuid on a browser is the worst idea I ever heard - 
especially for a feature that is supposed to provide extra security.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-dev-public/attachments/20091211/5734d91b/attachment.bin>

More information about the arch-dev-public mailing list