Can't we shame someone in the linuxosphere to add macos style sandbox() to the kernel? Linus
On Tue, Jan 27, 2009 at 1:58 AM, Dean McNamee <[email protected]> wrote: > > Well, we don't have a sandbox on Linux. The normal fd-passing > recvmesg() should work fine. Who knows if it will work if we ever get > a sandbox. > > On Tue, Jan 27, 2009 at 5:55 AM, Andrew Scherkus <[email protected]> > wrote: > > Great! I'm really interested in using shared FDs. > > Just to clarify, we're unsure whether this works for Linux? > > Thanks again, > > Andrew > > On Mon, Jan 26, 2009 at 2:17 PM, Jeremy Moskovich <[email protected]> > > wrote: > >> > >> There's been discussion recently about sending FDs between processes so > >> that renderer processes can access files directly. > >> > >> I ran some tests on OS X to see whether you can send an FD when the > >> receiving process is sandboxed. > >> > >> It turns out that this does indeed work, even when using the more > >> restrictive kSBXProfilePureComputation sandbox profile. > >> > >> Note that support for this still needs to be added to the POSIX version > of > >> IPC::Channel. > >> > >> Best regards, > >> Jeremy > > > > > > > > > > > > > --~--~---------~--~----~------------~-------~--~----~ Chromium Developers mailing list: [email protected] View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~----------~----~----~----~------~----~------~--~---
