On Fedora systems we'll be able to do Real Sandboxing due to SELinux. An SELinux developer took a crack at it: http://danwalsh.livejournal.com/32759.html
However, it looks like he's sandboxing our chroot sandbox (?). I don't much understand this stuff, but I think on Fedora we should probably recommend they use the SELinux sandbox directly. It looks like there's an "selinux" variable set at gyp time. In general, it'd be nice to reach out to Dan since he's likely to know better than anyone here about the right way to do this. I'll link him to this thread from his post. --~--~---------~--~----~------------~-------~--~----~ Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~----------~----~----~----~------~----~------~--~---