From owner-freebsd-chromium@freebsd.org  Sat Jul  9 19:52:40 2016
Return-Path: <owner-freebsd-chromium@freebsd.org>
Delivered-To: freebsd-chromium@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6CD1EB85FBA
 for <freebsd-chromium@mailman.ysv.freebsd.org>;
 Sat,  9 Jul 2016 19:52:40 +0000 (UTC)
 (envelope-from baptiste.daroussin@gmail.com)
Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::50:5])
 by mx1.freebsd.org (Postfix) with ESMTP id 47983170F
 for <freebsd-chromium@freebsd.org>; Sat,  9 Jul 2016 19:52:40 +0000 (UTC)
 (envelope-from baptiste.daroussin@gmail.com)
Received: by mailman.ysv.freebsd.org (Postfix)
 id 469E9B85FB9; Sat,  9 Jul 2016 19:52:40 +0000 (UTC)
Delivered-To: chromium@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 43FA0B85FB8
 for <chromium@mailman.ysv.freebsd.org>; Sat,  9 Jul 2016 19:52:40 +0000 (UTC)
 (envelope-from baptiste.daroussin@gmail.com)
Received: from mail-wm0-x232.google.com (mail-wm0-x232.google.com
 [IPv6:2a00:1450:400c:c09::232])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id C3072170E
 for <chromium@freebsd.org>; Sat,  9 Jul 2016 19:52:39 +0000 (UTC)
 (envelope-from baptiste.daroussin@gmail.com)
Received: by mail-wm0-x232.google.com with SMTP id f126so49473476wma.1
 for <chromium@freebsd.org>; Sat, 09 Jul 2016 12:52:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=sender:date:from:to:cc:subject:message-id:references:mime-version
 :content-disposition:in-reply-to:user-agent;
 bh=EIxGTTM5tML7yBpNeEizg5SoL672sBoLF8DJY5x3bWc=;
 b=jxDtKuXHZNUgbzymgDovtQUeAm1YU6jNd4CZWtwbOrAhKjafEEwqg6mEHrADrnlWJ9
 ZYjnWRPG+okgYIIJeysKjlEeQjziSu8/3ZnfxmFyXHIro2nAaDVq+gAIR4HsTTBHNfrX
 z3oyX+MmPUZCXNwCspuPabGN2jzy96ZSwV49gjWuXCSehMCl3CJPD/D98UNdklDPTSOH
 6Qea1nZhEH7oP+IG3RVBM6KxPO4T1/i88KoG31IkkkFvUlztvKyR3vv9xMcq1mKn7qdL
 6fwjY95blFsrB+YrKZz5BYD0BfzrBbpTKKwIOeaAf2Z8wvBeryJ8b1LlL/C6j5HREax3
 TeWA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:sender:date:from:to:cc:subject:message-id
 :references:mime-version:content-disposition:in-reply-to:user-agent;
 bh=EIxGTTM5tML7yBpNeEizg5SoL672sBoLF8DJY5x3bWc=;
 b=PDAF0Fq9I+ebzAsbRlPxHIXSofrt63CETp5gi7MmeHtTAxev/b5PhkH/sbc49mt6ft
 6VrA5+LtRuR+JjPtvi4sEIMtsUV3Y8r0EMBOT4muMH4xUVt0XSz/HjNjTElvmbnwAzgt
 feV5Hh21ayQZyBzNVMdB5qjc9QvHeuNNpb5dabvoaqHX53+0I/nHs678r7q13FztEOvw
 qdrE/1X7aJETg5TYKVeyBoQSWroW3Z2a/pqqfFjhmoooyirCZ4kg/IpqrDssP73vKw+I
 FT56KCJ1rN+TddyCJkzGhLjt03JSbinQ3/IThk4j9y40Qn8gZI+XyMET93qALtFUI4vk
 cBTg==
X-Gm-Message-State: ALyK8tJdDg9idwJYLvW5p/UCfEK54UgmTFIjUpsH5zuctguZe5gEmXyNWVnDcz+KlzRTQQ==
X-Received: by 10.194.236.69 with SMTP id us5mr10661988wjc.165.1468093957225; 
 Sat, 09 Jul 2016 12:52:37 -0700 (PDT)
Received: from ivaldir.etoilebsd.net ([2001:41d0:8:db4c::1])
 by smtp.gmail.com with ESMTPSA id hf7sm2744092wjc.48.2016.07.09.12.52.36
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Sat, 09 Jul 2016 12:52:36 -0700 (PDT)
Sender: Baptiste Daroussin <baptiste.daroussin@gmail.com>
Date: Sat, 9 Jul 2016 21:52:35 +0200
From: Baptiste Daroussin <bapt@FreeBSD.org>
To: Matthew Macy <mmacy@nextbsd.org>
Cc: chromium <chromium@freebsd.org>
Subject: Re: Chromium sandboxing on FreeBSD
Message-ID: <20160709195235.rrfflo3tsho7by76@ivaldir.etoilebsd.net>
References: <155d0f236ad.c11b2673215986.622076744465197484@nextbsd.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="fow5w7azsxx3evfe"
Content-Disposition: inline
In-Reply-To: <155d0f236ad.c11b2673215986.622076744465197484@nextbsd.org>
User-Agent: Mutt/1.6.1-neo (2016-06-11)
X-BeenThere: freebsd-chromium@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: FreeBSD-specific Chromium issues <freebsd-chromium.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-chromium>, 
 <mailto:freebsd-chromium-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-chromium/>
List-Post: <mailto:freebsd-chromium@freebsd.org>
List-Help: <mailto:freebsd-chromium-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-chromium>, 
 <mailto:freebsd-chromium-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Jul 2016 19:52:40 -0000


--fow5w7azsxx3evfe
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Jul 09, 2016 at 11:36:22AM -0700, Matthew Macy wrote:
>=20
> How much of Chromium's sandboxing code actually works on FreeBSD? On Linu=
x it relies in part on user namespaces which appear to be a much more modul=
ar equivalent of jails usable by unprivileged processes.

People working on chromium (now, I'm not anymore) would know better but Goo=
gle
sponsored capsicum development for sanboxing chromium, there are lots of
talks/papers available out there explaining that. But on the otherside upst=
ream
never accepted (or almost never accepted) our patches to run on freebsd
resulting in the current ports as now contain 395 patches to run there. So =
the
capsicum patches were never integrated neither upstream neither on freebsd.=
=2E.
btw big thanks to the people working on keeping chromium working on FreeBSD
given how unfriendly upstream is...

Google chrome team is not friendly to projects which are not Linux, Windows=
 or
Mac OS.

Best regards,
Bapt

--fow5w7azsxx3evfe
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJXgVYDAAoJEGOJi9zxtz5ayyAQAMJI5uqj9EeY/hAAb3gQNvNr
U4IWfyTsZzT1M7IFOqUNfMVUs1GE5LjZ9L7USroEojKix44kJ2gFg6XsKRgM9ETa
WaO2qARsUgbQkFeWBfvi1pmcvV/KLBzZpl/CsncnaZ9H329w7fvkU09qodVtMSFA
57rla6e73bgXocuekk9yvVc+abJUCze4HWgsRdmG/d8FQnuO63KWjPVXZAfOrczs
5eWF/cchBYiXbkUNGHQVHdVvyZ+ww32J2cy4octRa9MPxS5dvDxaVzZLpezGDbzq
5788CkjYO/AS769wVvpRq/Gbo4s0tqXy7ksZgrW25CH8TJ/5G1dX/K0sJ+QUHWoo
7zZKeZfgjRrl3u6/JLNs6CHPQBkebl4Uyl8ZqDnu5+9QYskp7eOpwE5TWBni+gxw
8dSeazVHUV3FgVfgqp8v0TE7QHGLld8HUax9rwADwnmKwKHHSahZ0k2QM5G8EXqY
Ls35E+AlsE74la+hhT3sRWpy1WrUSVRKayFrLZdSi9wizUXR5xl9iW4w5RMEWO0T
ZYi7OCEN+YixDwenRQQHMoUdgUf1DC9jefTeiU+Bx8IGo8gcvqaVBoY+9i43rAKu
dAQd4ZtT5vU6K9DB7s6WJJTFsR4VA9fh89JftVU8Den2gytE6zaGBO0MIDPKHPL9
3g9u51ik8BxkBAJ2/KA9
=d3rZ
-----END PGP SIGNATURE-----

--fow5w7azsxx3evfe--