Date: Sat, 9 Jul 2016 21:52:35 +0200 From: Baptiste Daroussin <bapt@FreeBSD.org> To: Matthew Macy <mmacy@nextbsd.org> Cc: chromium <chromium@freebsd.org> Subject: Re: Chromium sandboxing on FreeBSD Message-ID: <20160709195235.rrfflo3tsho7by76@ivaldir.etoilebsd.net> In-Reply-To: <155d0f236ad.c11b2673215986.622076744465197484@nextbsd.org> References: <155d0f236ad.c11b2673215986.622076744465197484@nextbsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--fow5w7azsxx3evfe Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Jul 09, 2016 at 11:36:22AM -0700, Matthew Macy wrote: >=20 > How much of Chromium's sandboxing code actually works on FreeBSD? On Linu= x it relies in part on user namespaces which appear to be a much more modul= ar equivalent of jails usable by unprivileged processes. People working on chromium (now, I'm not anymore) would know better but Goo= gle sponsored capsicum development for sanboxing chromium, there are lots of talks/papers available out there explaining that. But on the otherside upst= ream never accepted (or almost never accepted) our patches to run on freebsd resulting in the current ports as now contain 395 patches to run there. So = the capsicum patches were never integrated neither upstream neither on freebsd.= =2E. btw big thanks to the people working on keeping chromium working on FreeBSD given how unfriendly upstream is... Google chrome team is not friendly to projects which are not Linux, Windows= or Mac OS. Best regards, Bapt --fow5w7azsxx3evfe Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXgVYDAAoJEGOJi9zxtz5ayyAQAMJI5uqj9EeY/hAAb3gQNvNr U4IWfyTsZzT1M7IFOqUNfMVUs1GE5LjZ9L7USroEojKix44kJ2gFg6XsKRgM9ETa WaO2qARsUgbQkFeWBfvi1pmcvV/KLBzZpl/CsncnaZ9H329w7fvkU09qodVtMSFA 57rla6e73bgXocuekk9yvVc+abJUCze4HWgsRdmG/d8FQnuO63KWjPVXZAfOrczs 5eWF/cchBYiXbkUNGHQVHdVvyZ+ww32J2cy4octRa9MPxS5dvDxaVzZLpezGDbzq 5788CkjYO/AS769wVvpRq/Gbo4s0tqXy7ksZgrW25CH8TJ/5G1dX/K0sJ+QUHWoo 7zZKeZfgjRrl3u6/JLNs6CHPQBkebl4Uyl8ZqDnu5+9QYskp7eOpwE5TWBni+gxw 8dSeazVHUV3FgVfgqp8v0TE7QHGLld8HUax9rwADwnmKwKHHSahZ0k2QM5G8EXqY Ls35E+AlsE74la+hhT3sRWpy1WrUSVRKayFrLZdSi9wizUXR5xl9iW4w5RMEWO0T ZYi7OCEN+YixDwenRQQHMoUdgUf1DC9jefTeiU+Bx8IGo8gcvqaVBoY+9i43rAKu dAQd4ZtT5vU6K9DB7s6WJJTFsR4VA9fh89JftVU8Den2gytE6zaGBO0MIDPKHPL9 3g9u51ik8BxkBAJ2/KA9 =d3rZ -----END PGP SIGNATURE----- --fow5w7azsxx3evfe--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160709195235.rrfflo3tsho7by76>