Chromium sandboxing on FreeBSD

Baptiste Daroussin bapt at FreeBSD.org
Sat Jul 9 19:52:40 UTC 2016


On Sat, Jul 09, 2016 at 11:36:22AM -0700, Matthew Macy wrote:
> 
> How much of Chromium's sandboxing code actually works on FreeBSD? On Linux it relies in part on user namespaces which appear to be a much more modular equivalent of jails usable by unprivileged processes.

People working on Chromium (now, I'm not anymore) would know better, but Google
sponsored Capsicum development for sandboxing Chromium; there are lots of
talks/papers available out there explaining that. But on the other side, upstream
never accepted (or almost never accepted) our patches to run on FreeBSD,
resulting in the current ports, which now contain 395 patches to run there. So the
Capsicum patches were never integrated, neither upstream nor on FreeBSD...
BTW, big thanks to the people working on keeping Chromium working on FreeBSD
given how unfriendly upstream is...

The Google Chrome team is not friendly to projects which are not Linux, Windows or
Mac OS.

Best regards,
Bapt


More information about the freebsd-chromium mailing list