It's hard to say how much of the scheme-like language is supported.
There are some provided examples, but they all say things like "this
is an example, don't try to use it". In addition, several modules of
the TrustedBSD code aren't present (Apple hand-rolled several of their
own) so it's not like we have access to the full power even if we do
manage to get under the hood and use something other than the default
profiles.
It feels to me like Apple is intending developers to use (right now,
in Leopard) only the supported profiles in the API. We can talk to
them more if we need to go off the reservation, but let's see if we
can stick within that bound until we need it.
On Fri, Nov 21, 2008 at 6:56 PM, Adam Langley <[EMAIL PROTECTED]> wrote:
>
>> Definitely we would need a way to give more resources to the renderer
>> after the process has been locked down. In Windows we also have the
>> fonts issue but we do a neat trick to get them working. That is to say
>> that we should try hard to use the most restrictive setting ('pure
>> computation').
>
> There are some default profiles for the sandbox, but it's the
> TrustedBSD code: basically there's a full Scheme-like language for
> defining exactly what the sandboxed process can do which is compiled
> down to a bytecode. You should be able to craft any contours of
> control with that.
>
> AGL
>
--
Mike Pinkerton
Mac Weenie
[EMAIL PROTECTED]