[arch-dev-public] Packaging Chromium for [extra]
Thomas Bächler
thomas at archlinux.org
Thu Dec 10 19:02:34 EST 2009
Pierre Schmitz schrieb:
> PS: I think I got the sandbox feature working. So don't be afraid of the suid
> binary. That is needed to chroot each browser tab. (otherwise you'll need
> selinux or seccomp; the latter didn't really work for me)
If you just want chroot, "setcap cap_sys_chroot +ep /usr/bin/whatever"
is sufficient. Setuid on a browser is the worst idea I ever heard -
especially for a feature that is supposed to provide extra security.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-dev-public/attachments/20091211/5734d91b/attachment.bin>
More information about the arch-dev-public
mailing list