The easiest way would be to add a rule to renderer.sb. The language it uses is undocumented but very easy to use; you can find the file in the source tree.
May I ask why you want the renderer to be able to read/write files in /tmp?

Best regards,
Jeremy

On Thu, Jul 30, 2009 at 7:32 PM, n179911 <[email protected]> wrote:
> I would like to change it so that the renderer can create/write files on /tmp.
>
> Like this 'kSBXProfileNoWriteExceptTemporary' profile.
>
> On Thu, Jul 30, 2009 at 9:43 AM, Jeremy Moskovich<[email protected]> wrote:
> > Is this just out of curiosity? Is there something specific you're trying to achieve?
> > On Thu, Jul 30, 2009 at 9:32 AM, n179911 <[email protected]> wrote:
> >>
> >> On Thu, Jul 30, 2009 at 9:08 AM, Jeremy Moskovich<[email protected]> wrote:
> >> > Hi,
> >> > It would really help if you could provide some details on what you're trying to do.
> >> > Best regards,
> >> > Jeremy
> >> >
> >> From the
> >> http://dev.chromium.org/developers/design-documents/sandbox/osx-sandboxing-design
> >>
> >> It said "In the renderer, we would probably want to use a combination of
> >> kSBXProfileNoNetwork and kSBXProfileNoWrite. If possible, we would
> >> like to get by with kSBXProfilePureComputation,"
> >>
> >> I am trying to see what is the current setting in chromium. I can't
> >> find that in renderer.sb or when sandbox_init() is called. And then I
> >> would want to see if I can switch it to 'kSBXProfilePureComputation'
> >> and see what may break.
> >>
> >> Regards,
> >>
> >> > On Thu, Jul 30, 2009 at 9:06 AM, n179911 <[email protected]> wrote:
> >> >>
> >> >> Thank you.
> >> >> Can you please tell me how can I change the configure file
> >> >> (renderer.sb) to use other sandbox profile, like the one described in man page:
> >> >>
> >> >> * kSBXProfileNoInternet
> >> >> * kSBXProfileNoNetwork
> >> >> * kSBXProfileNoWrite
> >> >> * kSBXProfileNoWriteExceptTemporary
> >> >> * kSBXProfilePureComputation
> >> >>
> >> >> And I did try looking for the sandbox configuration format, but this
> >> >> is the only thing I found, but it does not contain sandbox config file format
> >> >>
> >> >> http://developer.apple.com/DOCUMENTATION/DARWIN/Reference/ManPages/man3/sandbox_init.3.html
> >> >>
> >> >> On Thu, Jul 30, 2009 at 5:21 AM, Thomas Van Lenten<[email protected]> wrote:
> >> >> > Those constants are pre-configured settings. The NAMED_EXTERNAL flag lets
> >> >> > us pass in our own config, which is the renderer.sb. Apple hasn't really
> >> >> > documented the file format, but if you do some searching on the web, you'll
> >> >> > find some documentation folks have figured out and I believe there was a
> >> >> > talk given at one point by some of the Apple folks that work on it.
> >> >> > TVL
> >> >> >
> >> >> > On Thu, Jul 30, 2009 at 2:32 AM, n179911 <[email protected]> wrote:
> >> >> >>
> >> >> >> Hi,
> >> >> >>
> >> >> >> I read this article:
> >> >> >>
> >> >> >> http://dev.chromium.org/developers/design-documents/sandbox/osx-sandboxing-design
> >> >> >>
> >> >> >> It said Mac OSX supports five constants for sandbox access restrictions:
> >> >> >>
> >> >> >> * kSBXProfileNoInternet
> >> >> >> * kSBXProfileNoNetwork
> >> >> >> * kSBXProfileNoWrite
> >> >> >> * kSBXProfileNoWriteExceptTemporary
> >> >> >> * kSBXProfilePureComputation
> >> >> >>
> >> >> >> In the renderer, we would probably want to use a combination of
> >> >> >> kSBXProfileNoNetwork and kSBXProfileNoWrite.
> >> >> >> If possible, we would like to get by with kSBXProfilePureComputation,
> >> >> >>
> >> >> >> Can you please tell me which access restrictions the renderer of chromium is
> >> >> >> currently set to?
> >> >> >> I have looked at renderer_main_platform_delegate_mac.mm, which I
> >> >> >> believe is how/where chromium set the access restrictions to. But from
> >> >> >> the code, I can't tell which access restrictions it assigns to renderer.
> >> >> >>
> >> >> >> int error = sandbox_init(sandbox_profile, SANDBOX_NAMED_EXTERNAL, &error_buff);
> >> >> >>
> >> >> >> And I have looked at the file 'renderer.sb', it does not contain
> >> >> >> any of the above 5 access restrictions string either.
> >> >> >>
> >> >> >> Thank you for your help.
> >> >> >>
> >> >> >> Regards,

Chromium Developers mailing list: [email protected]
View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev
