[arch-dev-public] Packaging Chromium for [extra]

Thomas Bächler thomas at archlinux.org
Fri Dec 11 03:21:39 EST 2009


Pierre Schmitz wrote:
> On Friday, 11 December 2009 01:02:34, Thomas Bächler wrote:
>> If you just want chroot, "setcap cap_sys_chroot +ep /usr/bin/whatever" 
>> is sufficient.
> 
> The point is that it does not work. See 
> http://src.chromium.org/svn/releases/4.0.267.0/src/chrome/browser/zygote_host_linux.cc
> 
> At least I didn't get it working; but it might be possible. A good starting 
> point is http://code.google.com/p/chromium/wiki/LinuxSandboxing

It checks explicitly whether the "sandbox binary" is setuid, which is as 
stupid as using a setuid binary in the first place. What does the 
"sandbox binary" even do exactly? If you really need setuid for it, it's 
certainly a stupid design.
