On 08/17/2011 02:17 PM, Yves-Alexis Perez wrote: >> I would really like to know what crazy is chromium doing to global >> system. >> >> Despite I like the idea of sandboxing I have to ask >> why it is part of "browser" and not some separate package. >> What's next? Bundled kernel? :) > > Because each tab is sandboxed. There's a seccomp sandbox available too. It doesn't mean it should install trillion of bundled libraries. (Not that other browsers are much bettter...) Whatever, the bug is neither in chromium nor in cryptsetup and libdevmapper but kernel. Sandoxing uses clone with CLONE_NEWNET (use own net namespace) and after that call some udev event in kernel reports failure (netlink send fails). I will report that upstream because this is quite unexpected result, easily reproducible with simple clone() and dmsetup. (DM is here victim because it is one of the rare users of kobject_uevent_env() which checks return value, others quietly ignore this failure:-) Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
