Thank you. Can you please tell me how can I change the configure file (renderer.sb) to use other sandbox profile, like the one described in man page:
* kSBXProfileNoInternet * kSBXProfileNoNetwork * kSBXProfileNoWrite * kSBXProfileNoWriteExceptTemporary * kSBXProfilePureComputation And I did try looking for the sandbox configuration format, but this is the only thing I found, but it does not contain sandbox config file format http://developer.apple.com/DOCUMENTATION/DARWIN/Reference/ManPages/man3/sandbox_init.3.html On Thu, Jul 30, 2009 at 5:21 AM, Thomas Van Lenten<thoma...@chromium.org> wrote: > Those constants are pre-configured settings. The NAMED_EXTERNAL flag lets > us pass in our own config, which is the renderer.sb. Apple hasn't really > documented the file format, but if you do some searching on the web, you'll > find some documentation folks have figured out and I believe there was a > talk given at one point by some of the Apple folks that work on it. > TVL > > On Thu, Jul 30, 2009 at 2:32 AM, n179911 <n179...@gmail.com> wrote: >> >> Hi, >> >> I read this article: >> >> http://dev.chromium.org/developers/design-documents/sandbox/osx-sandboxing-design >> >> It said Mac OSX supports five constants for sandbox access restrictions: >> >> * kSBXProfileNoInternet >> * kSBXProfileNoNetwork >> * kSBXProfileNoWrite >> * kSBXProfileNoWriteExceptTemporary >> * kSBXProfilePureComputation >> >> In the renderer, we would probably want to use a combination of >> kSBXProfileNoNetwork and kSBXProfileNoWrite. If possible, we would >> like to get by with kSBXProfilePureComputation, >> >> Can you please which access restrictions the renderer of chromium is >> currently set to? >> I have looked at renderer_main_platform_delegate_mac.mm, which I >> believe is how/where chromium set the access restrictions to. But from >> the code, i can't tell which access restrictions it assigns to >> renderer. >> >> int error = sandbox_init(sandbox_profile, SANDBOX_NAMED_EXTERNAL, >> &error_buff); >> >> And I have looked at the file 'renderer.sb', it does not contains any >> of the above 5 access restrictions string either. >> >> Thank you for your help. >> >> Regards, >> >> >> > > --~--~---------~--~----~------------~-------~--~----~ Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~----------~----~----~----~------~----~------~--~---