On 06/20/2011 03:46 AM, GSO wrote:
> I've posted over on chromium-discuss
> https://groups.google.com/a/chromium.org/group/chromium-discuss/browse_thread/thread/14a0fd7069d5a9de#
> - no reply so far though
>
> The main wiki page on the subject seems to be here...
> https://code.google.com/p/chromium/wiki/LinuxSandboxing There seem to
> be various sandbox compiling options, might one of these be an option!
>
> Chromium seems to work OK in the sandbox with the --no-sandbox chromium
> option, though with the obvious caveats...
> https://groups.google.com/group/google-chrome-help-troubleshooting/browse_thread/thread/1f07597381e63a02
>
> On 19 June 2011 17:53, Dominick Grift <domg472@xxxxxxxxx> wrote:
>
> > On Sun, 2011-06-19 at 13:57 +0100, GSO wrote:
> > > The default build using the google repos results in chromium grinding to a
> > > halt with a black window when run in a sandbox. Is it technically possible
> > > to run chrome in a sandbox, would building from source fix this at all?
> >
> > I do not think it will work since both sandbox and chrome use namespace
> > and chrome can't run if sandbox already runs in a namespace (or something
> > along those lines is my understanding of this issue)

We have been looking into this issue, and are not sure what is causing
the problem. It is definitely related to namespace. If you run in
permissive mode and run

    sandbox -X xterm

Then run chrome you will see it complain about the namespace.

One issue we saw was we were removing the Capabilities bounding set and
thought chrome could not get capabilities, but we changed seunshare to
not modify the bounding set, so now we do not believe it is caused by
capabilities. I believe it is something to do with namespace interaction.

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux