* If you update your google-chrome-unstable packages and your
development builds start hanging, sync to >= 20710 *
Details:
The latest google-chrome packages contain a sandbox binary, which the
development builds of chromium will pick up on automatically. However,
for safety reasons, the sandbox binary will only exec a fixed chrome
binary location. Since development builds will be somewhere else in
the filesystem, this means that they will fail to start their zygote
processes and generally be very sad.
I've committed a change which changes the default path so that we
won't pickup the system sandbox anyway.
However, we /do/ want people developing with the sandbox, but we don't
want the general sandbox binary to be able to exec anything. We could
have chromium try and find its sandbox binary relative to the build
directory, but some people build on NFS and, since the sandbox binary
needs to be SUID, this won't work for them.
So, there's now a GYP variable which will build a sandbox binary that
doesn't enforce the path restriction, it only requires that the binary
being run be owned by the current user and be non-SUID and non-GUID.
Also, you can now select the sandbox binary to run with the
environment variable CHROME_DEVEL_SANDBOX (iff the current binary is
owned by the current real user).
So, if you're developing on Linux, you should do the following:
* Sync up to >= 20710
* Edit build/common.gypi and change linux_suid_sandbox_restrictions
from "Path" to "User"
* build chrome_sandbox
* sudo cp out/Debug/chrome_sandbox /usr/local/sbin/chrome-devel-sandbox
* sudo chown root:root /usr/local/sbin/chrome-devel-sandbox
* sudo chmod 4755 /usr/local/sbin/chrome-devel-sandbox
* export CHROME_DEVEL_SANDBOX=/usr/local/sbin/chrome-devel-sandbox
* Put the last line in your ~/.bashrc (or .zshenv etc)
Cheers
AGL
--~--~---------~--~----~------------~-------~--~----~
Chromium Developers mailing list: chromium-dev@googlegroups.com
View archives, change email options, or unsubscribe:
http://groups.google.com/group/chromium-dev
-~----------~----~----~----~------~----~------~--~---
