On Fedora systems we'll be able to do Real Sandboxing due to SELinux.
An SELinux developer took a crack at it:
http://danwalsh.livejournal.com/32759.html
However, it looks like he's sandboxing our chroot sandbox (?). I
don't much understand this stuff, but I think on Fedora we should
probably recommend they use the SELinux sandbox directly. It looks
like there's an "selinux" variable set at gyp time.
In general, it'd be nice to reach out to Dan since he's likely to know
better than anyone here about the right way to do this. I'll link him
to this thread from his post.
--~--~---------~--~----~------------~-------~--~----~
Chromium Developers mailing list: chromium-dev@googlegroups.com
View archives, change email options, or unsubscribe:
http://groups.google.com/group/chromium-dev
-~----------~----~----~----~------~----~------~--~---
