On 05/24/2011 11:33 AM, Genes MailLists wrote:
> On 05/24/2011 11:17 AM, Daniel J Walsh wrote:
>
>> Well chromium-browser is complaining about
>>
>> Failed to more to new PID namespace: Operation not permitted
>>
>> Even in permissive mode. I guess the problem is that chromium can not
>> run within a sandbox.
>>
>> If you execute
>>
>> mkdir -p ~/sandbox/tmp
>> mkdir -p ~/sandbox/home
>> seunshare -t ~/sandbox/tmp -h ~/sandbox/home -- /usr/bin/chromium-browser
>>
>> You will get the error.
>>
>> I am not sure you can clone within a clone...
>> --
>
> Right it doesn't work for sure - I had vague recollections someone
> (you I think?) saying they might try to touch base with the google folks
> about coordinating to try to make selinux sandbox work .. that was a few
> months ago ... but don't remember when exactly ...
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux

Basically it looks like the clone call within the chromium-browser is
failing. I have a feeling this has something to do with seunshare calling

unshare(CLONE_NEWNS);

And then later chromium calling

clone(...)
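A small probe for the hypothesis in the last message, added here as an example and not taken from seunshare or Chromium: it replays `unshare(CLONE_NEWNS)` followed by a `clone()` with `CLONE_NEWPID` in a throwaway child and records the errno of each call. The names `probe_nested_ns` and `classify` are hypothetical, and the raw `clone` call assumes an architecture where the flags are the first syscall argument (x86-64, arm64).

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/sched.h>              /* CLONE_NEWNS, CLONE_NEWPID */

struct probe { int unshare_errno, clone_errno; };  /* 0 = ok, -1 = probe broke */
enum verdict { PROBE_FAILED, NESTING_OK, DENIED_NO_CAP, DENIED_AFTER_UNSHARE, OTHER_ERROR };

/* Replays the sequence in a throwaway child so the caller's namespaces stay untouched. */
static struct probe probe_nested_ns(void)
{
    struct probe r = { -1, -1 }, c = { 0, 0 };
    int fd[2];
    pid_t pid;
    if (pipe(fd) != 0) return r;
    if ((pid = fork()) == 0) {
        close(fd[0]);
        if (syscall(SYS_unshare, CLONE_NEWNS) != 0) c.unshare_errno = errno;
        /* NULL stack: raw clone behaves like fork(), plus a new PID namespace */
        long kid = syscall(SYS_clone, CLONE_NEWPID | SIGCHLD, 0, 0, 0, 0);
        if (kid == 0) _exit(0);                    /* PID 1 of the new namespace */
        if (kid < 0) c.clone_errno = errno; else waitpid((pid_t)kid, NULL, 0);
        _exit(write(fd[1], &c, sizeof c) == (ssize_t)sizeof c ? 0 : 1);
    }
    close(fd[1]);
    if (pid < 0 || read(fd[0], &c, sizeof c) != (ssize_t)sizeof c) c = r;
    close(fd[0]);
    if (pid > 0) waitpid(pid, NULL, 0);
    return c;
}

static enum verdict classify(struct probe p)
{
    if (p.unshare_errno < 0 || p.clone_errno < 0) return PROBE_FAILED;
    if (p.clone_errno == 0) return NESTING_OK;
    if (p.clone_errno != EPERM) return OTHER_ERROR;
    /* EPERM on both calls is consistent with missing CAP_SYS_ADMIN, not with the ordering */
    return p.unshare_errno == EPERM ? DENIED_NO_CAP : DENIED_AFTER_UNSHARE;
}

int main(void)
{
    struct probe p = probe_nested_ns();
    printf("unshare errno=%d clone errno=%d verdict=%d\n", p.unshare_errno, p.clone_errno, classify(p));
    return 0;
}
```

Running it once as root and once as the unprivileged user that seunshare hands control to shows whether the failure follows the call ordering or the privileges of the caller.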