Linux: add support for SELinux.
This patch adds support for a selinux GYP variable which, when set to one, does the following:

* Removes the seccomp sandbox from the compile
* Removes support for SUID sandboxing from the zygote
* Performs a dynamic transition, in the zygote, to chromium_renderer_t.

This code requires that the system policy have a sensible set of access vectors for the chromium_renderer_t type. Such a policy will be found in sandbox/selinux in the future.

http://codereview.chromium.org/203071

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@26257 0039d316-1c4b-4281-b951-d872f2087c98
Showing
- build/common.gypi: 6 additions, 0 deletions
- build/linux/system.gyp: 9 additions, 0 deletions
- chrome/browser/zygote_main_linux.cc: 62 additions, 16 deletions
- chrome/chrome.gyp: 15 additions, 4 deletions
- chrome/renderer/renderer_main_platform_delegate_linux.cc: 1 addition, 1 deletion
- sandbox/sandbox.gyp: 10 additions, 1 deletion