[chromium-dev] Re: Question about chromium sandbox on Mac OSX

Thu, 30 Jul 2009 09:06:34 -0700 

Thank you. Can you please tell me how can I change the configure file
(renderer.sb) to use
other sandbox profile, like the one described in man page:

   * kSBXProfileNoInternet
   * kSBXProfileNoNetwork
   * kSBXProfileNoWrite
   * kSBXProfileNoWriteExceptTemporary
   * kSBXProfilePureComputation

And I did try looking for the sandbox configuration format, but this
is the only thing I found, but it does not contain sandbox config file
format
http://developer.apple.com/DOCUMENTATION/DARWIN/Reference/ManPages/man3/sandbox_init.3.html


On Thu, Jul 30, 2009 at 5:21 AM, Thomas Van Lenten<thoma...@chromium.org> wrote:
> Those constants are pre-configured settings.  The NAMED_EXTERNAL flag lets
> us pass in our own config, which is the renderer.sb.  Apple hasn't really
> documented the file format, but if you do some searching on the web, you'll
> find some documentation folks have figured out and I believe there was a
> talk given at one point by some of the Apple folks that work on it.
> TVL
>
> On Thu, Jul 30, 2009 at 2:32 AM, n179911 <n179...@gmail.com> wrote:
>>
>> Hi,
>>
>> I read this article:
>>
>> http://dev.chromium.org/developers/design-documents/sandbox/osx-sandboxing-design
>>
>> It said Mac OSX supports five constants for sandbox access restrictions:
>>
>>    * kSBXProfileNoInternet
>>    * kSBXProfileNoNetwork
>>    * kSBXProfileNoWrite
>>    * kSBXProfileNoWriteExceptTemporary
>>    * kSBXProfilePureComputation
>>
>> In the renderer, we would probably want to use a combination of
>> kSBXProfileNoNetwork and kSBXProfileNoWrite. If possible, we would
>> like to get by with kSBXProfilePureComputation,
>>
>> Can you please which access restrictions the renderer of chromium is
>> currently set to?
>> I have looked at renderer_main_platform_delegate_mac.mm, which I
>> believe is how/where chromium set the access restrictions to. But from
>> the code, i can't tell which access restrictions it assigns to
>> renderer.
>>
>>  int error = sandbox_init(sandbox_profile, SANDBOX_NAMED_EXTERNAL,
>>                           &error_buff);
>>
>> And I have looked at the file 'renderer.sb', it does not contains any
>> of the above 5 access restrictions string either.
>>
>> Thank you for your help.
>>
>> Regards,
>>
>> >>
>
>

--~--~---------~--~----~------------~-------~--~----~
Chromium Developers mailing list: chromium-dev@googlegroups.com 
View archives, change email options, or unsubscribe: 
    http://groups.google.com/group/chromium-dev
-~----------~----~----~----~------~----~------~--~---

Reply via email to