From: | "Paweł Hajdan |
---|---|
To: | gentoo-hardened@l.g.o |
Subject: | [gentoo-hardened] www-client/chromium SELinux sandbox |
Date: | Tue, 10 Apr 2012 12:02:29 |
Message-Id: | 4F841568.5000307@gentoo.org |

I'm experimenting with the Chromium SELinux sandbox (<http://code.google.com/p/chromium/wiki/LinuxSandboxing>) and came up with a working policy module (attached).

Note that for that to be effective one has to compile chromium with the -Dselinux=1 gyp flag, and I've not yet committed such a change to CVS (waiting for the 20.x dev channel release, so that it has a lot of testing before unmasking).

How does the attached policy look to you? (I'm an SELinux newbie, although I probably know Chromium pretty well as its developer and packager.)

You can also compare that with the policy module written for Chromium by another Chromium developer in 2010:
<http://src.chromium.org/viewvc/chrome/trunk/src/sandbox/linux/selinux/chromium-browser.te?view=markup>

What are the next steps to add this policy to Gentoo?

File name | MIME type |
---|---|
chromium-browser.te | text/plain |
signature.asc | application/pgp-signature |

Subject | Author |
---|---|
Re: [gentoo-hardened] www-client/chromium SELinux sandbox | Sven Vermeulen <swift@g.o> |