(In the Linux meeting I said I would write a handoff email about AppArmor. This is it.)
AppArmor is a path based MAC system that is installed by default on Ubuntu (although almost unused by it). Since it's path based, the browser and renderer binaries need to be different so that the sandbox triggers for one but not the other. However, a hard link is sufficient and saves a lot of space and memory. Thus we want one inode with two directory entries: one 'chromium' and the other 'chromium-renderer'. So there's a patch that I've abandoned to do that: http://codereview.chromium.org/50034 And here's details about setting it up: http://www.mail-archive.com/[email protected]/msg02764.html --~--~---------~--~----~------------~-------~--~----~ Chromium Developers mailing list: [email protected] View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~----------~----~----~----~------~----~------~--~---
