[arch-dev-public] Packaging Chromium for [extra]
thomas at archlinux.org
Thu Dec 10 19:02:34 EST 2009
Pierre Schmitz wrote:
> PS: I think I got the sandbox feature working. So don't be afraid of the suid
> binary. That is needed to chroot each browser tab. (otherwise you'll need
> selinux or seccomp; the latter didn't really work for me)
If you just want chroot, "setcap cap_sys_chroot +ep /usr/bin/whatever"
is sufficient. Setuid on a browser is the worst idea I ever heard -
especially for a feature that is supposed to provide extra security.
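The file-capability approach mentioned in the reply, as an added example that is not part of the thread or of Chromium's sandbox code: a small helper that checks it holds CAP_SYS_CHROOT, chroots, and then drops every capability. The function names and the helper itself are hypothetical; it assumes Linux with the kernel headers installed and a binary that has been given the capability with setcap.

```c
#define _GNU_SOURCE
#include <linux/capability.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Parse the "CapEff:" line of /proc/<pid>/status text into a bitmask. */
int parse_capeff(const char *status, unsigned long long *mask) {
    const char *p = strstr(status, "CapEff:");
    char *end;
    if (!p) return -1;
    *mask = strtoull(p + 7, &end, 16);
    return end == p + 7 ? -1 : 0;
}

int has_cap(unsigned long long mask, int cap) { return (int)((mask >> cap) & 1ULL); }

/* Clear all capability sets of the calling thread (lowering is always allowed). */
int drop_all_caps(void) {
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    memset(data, 0, sizeof data);
    return (int)syscall(SYS_capset, &hdr, data);
}

/* chroot into dir, move the cwd inside it, then give the capability up. */
int confine(const char *dir) {
    if (chroot(dir) != 0 || chdir("/") != 0) return -1;
    return drop_all_caps();
}

int main(int argc, char **argv) {
    char buf[4096] = {0};
    unsigned long long eff = 0;
    FILE *f = fopen("/proc/self/status", "r");
    if (argc != 2 || !f) { fprintf(stderr, "usage: %s DIR\n", argv[0]); return 2; }
    if (fread(buf, 1, sizeof buf - 1, f) == 0) { fclose(f); return 2; }
    fclose(f);
    if (parse_capeff(buf, &eff) != 0 || !has_cap(eff, CAP_SYS_CHROOT)) {
        fprintf(stderr, "CAP_SYS_CHROOT not effective (run setcap on this binary)\n");
        return 1;
    }
    if (geteuid() == 0) fprintf(stderr, "note: running as root, file capability not needed\n");
    if (confine(argv[1]) != 0) { perror("confine"); return 1; }
    puts("chrooted; all capabilities dropped");
    return 0;
}
```

Dropping the capability right after the chroot call matters because a process that still holds CAP_SYS_CHROOT can call chroot again and leave the jail.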