Is this just out of curiosity? Is there something specific you're trying to achieve? On Thu, Jul 30, 2009 at 9:32 AM, n179911 <[email protected]> wrote:
> On Thu, Jul 30, 2009 at 9:08 AM, Jeremy Moskovich<[email protected]> > wrote: > > Hi, > > It would really help if you could provide some details on what your > trying > > to do. > > Best regards, > > Jeremy > > > From the > http://dev.chromium.org/developers/design-documents/sandbox/osx-sandboxing-design > > It said "In the renderer, we would probably want to use a combination of > kSBXProfileNoNetwork and kSBXProfileNoWrite. If possible, we would > like to get by with kSBXProfilePureComputation," > > I am trying to see what it the current setting in chromium. I can't > find that in renderer.sb or when sandbox_init() is called. And then I > would want to see if I can switch it to 'kSBXProfilePureComputation' > and see what may break. > > Regards, > > > > > On Thu, Jul 30, 2009 at 9:06 AM, n179911 <[email protected]> wrote: > >> > >> Thank you. Can you please tell me how can I change the configure file > >> (renderer.sb) to use > >> other sandbox profile, like the one described in man page: > >> > >> * kSBXProfileNoInternet > >> * kSBXProfileNoNetwork > >> * kSBXProfileNoWrite > >> * kSBXProfileNoWriteExceptTemporary > >> * kSBXProfilePureComputation > >> > >> And I did try looking for the sandbox configuration format, but this > >> is the only thing I found, but it does not contain sandbox config file > >> format > >> > >> > http://developer.apple.com/DOCUMENTATION/DARWIN/Reference/ManPages/man3/sandbox_init.3.html > >> > >> > >> On Thu, Jul 30, 2009 at 5:21 AM, Thomas Van Lenten< > [email protected]> > >> wrote: > >> > Those constants are pre-configured settings. The NAMED_EXTERNAL flag > >> > lets > >> > us pass in our own config, which is the renderer.sb. Apple hasn't > >> > really > >> > documented the file format, but if you do some searching on the web, > >> > you'll > >> > find some documentation folks have figured out and I believe there was > a > >> > talk given at one point by some of the Apple folks that work on it. > >> > TVL > >> > > >> > On Thu, Jul 30, 2009 at 2:32 AM, n179911 <[email protected]> wrote: > >> >> > >> >> Hi, > >> >> > >> >> I read this article: > >> >> > >> >> > >> >> > http://dev.chromium.org/developers/design-documents/sandbox/osx-sandboxing-design > >> >> > >> >> It said Mac OSX supports five constants for sandbox access > >> >> restrictions: > >> >> > >> >> * kSBXProfileNoInternet > >> >> * kSBXProfileNoNetwork > >> >> * kSBXProfileNoWrite > >> >> * kSBXProfileNoWriteExceptTemporary > >> >> * kSBXProfilePureComputation > >> >> > >> >> In the renderer, we would probably want to use a combination of > >> >> kSBXProfileNoNetwork and kSBXProfileNoWrite. If possible, we would > >> >> like to get by with kSBXProfilePureComputation, > >> >> > >> >> Can you please which access restrictions the renderer of chromium is > >> >> currently set to? > >> >> I have looked at renderer_main_platform_delegate_mac.mm, which I > >> >> believe is how/where chromium set the access restrictions to. But > from > >> >> the code, i can't tell which access restrictions it assigns to > >> >> renderer. > >> >> > >> >> int error = sandbox_init(sandbox_profile, SANDBOX_NAMED_EXTERNAL, > >> >> &error_buff); > >> >> > >> >> And I have looked at the file 'renderer.sb', it does not contains > any > >> >> of the above 5 access restrictions string either. > >> >> > >> >> Thank you for your help. > >> >> > >> >> Regards, > >> >> > >> >> >> > >> > > >> > > >> > >> > >> > > > > > --~--~---------~--~----~------------~-------~--~----~ Chromium Developers mailing list: [email protected] View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~----------~----~----~----~------~----~------~--~---
