On mer., 2011-08-17 at 13:30 +0200, Milan Broz wrote: > On 08/17/2011 12:48 PM, Milan Broz wrote: > >> For chromium, it might be that the default sandboxing (setuid one) > uses > >> PID and network namespaces. Not sure why it'd mess with semaphores, > but > >> maybe there's something to look at there. > > It is apparently related to sandboxing, namely to using namespaces > (You need kernel support for it to reproduce. See about:sandbox in > chromium.) > > I would really like to know what crazy is chromium doing to global > system. > > Despite I like the idea of sandboxing I have to ask > why it is part of "browser" and not some separate package. > What's next? Bundled kernel? :) Because each tab is sandboxed. There's a seccomp sandbox available too. > > Also installing setuid /usr/lib64/chromium/chromium-sandbox ... > Not even man page for it. Sigh... See http://code.google.com/p/chromium/wiki/LinuxSandboxing -- Yves-Alexis _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
