[chromium-dev] Re: Linux developers: you need to read this
On Wed, Jul 15, 2009 at 4:21 PM, Michaelmichael.monr...@gmail.com wrote: It's correctly set to User and I have since done a complete clean rebuild of the tree, still no joy... Please make sure that you sync = 20718. As Joel pointed out, I typoed a #define. AGL --~--~-~--~~~---~--~~ Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~--~~~~--~~--~--~---
[chromium-dev] Re: Linux developers: you need to read this
On Jul 15, 6:31 pm, Adam Langley a...@chromium.org wrote: Please make sure that you sync = 20718. As Joel pointed out, I typoed a #define. AGL Sure... svn info | grep Revision Revision: 20728 --~--~-~--~~~---~--~~ Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~--~~~~--~~--~--~---
[chromium-dev] Re: Linux developers: you need to read this
Oh... I am building Release configuration, maybe this is not yet working there? --~--~-~--~~~---~--~~ Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~--~~~~--~~--~--~---
[chromium-dev] Re: Linux developers: you need to read this
On Wed, Jul 15, 2009 at 2:11 AM, Adam Langleya...@google.com wrote: * Edit build/common.gypi and change linux_suid_sandbox_restrictions from Path to User (missed a step) * re-GYP: cd .. ./depot_tools/gclient runhooks --force cd src should probably do it. AGL --~--~-~--~~~---~--~~ Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~--~~~~--~~--~--~---
[chromium-dev] Re: Linux developers: you need to read this
On Jul 15, 4:51 pm, Adam Langley a...@chromium.org wrote: * re-GYP: cd .. ./depot_tools/gclient runhooks --force cd src should probably do it. Ah... sure! Still wondering if this is working as intended... ps shows me: 28704 pts/2Z+ 0:00 [chrome-devel-sa] defunct 28706 pts/2Z+ 0:00 [chrome-devel-sa] defunct --~--~-~--~~~---~--~~ Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~--~~~~--~~--~--~---
[chromium-dev] Re: Linux developers: you need to read this
On Wed, Jul 15, 2009 at 5:07 PM, Michaelmichael.monr...@gmail.com wrote: Ah... sure! Still wondering if this is working as intended... ps shows me: Zombies not intended, but it's not reducing the browser to an unworkable mess either so it's behind the bugs which are. Cheers AGL --~--~-~--~~~---~--~~ Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~--~~~~--~~--~--~---
[chromium-dev] Re: Linux developers: you need to read this
On Jul 14, 7:26 pm, Adam Langley a...@chromium.org wrote: On Tue, Jul 14, 2009 at 7:18 PM, Jeremy Orlowjor...@chromium.org wrote: Wait...so is this something every linux Chromium developer is going to have to do forever? You only need to do it once and, if you don't, you just run without a sandbox. Also, the SUID sandbox will probably not be around forever (maybe not even for the next couple of months). What will replace it and why? Cheers Chris I'm open to suggestions about how else to handle this if you have any, AGL --~--~-~--~~~---~--~~ Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~--~~~~--~~--~--~---
[chromium-dev] Re: Linux developers: you need to read this
On Wed, Jul 15, 2009 at 10:14 PM, Chris Evanscev...@chromium.org wrote: What will replace it and why? seccomp sandbox: * none of this admin crap * restricts the network * restricts access to worrying syscalls (vsplice etc) probably other reasons too. AGL --~--~-~--~~~---~--~~ Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~--~~~~--~~--~--~---
[chromium-dev] Re: Linux developers: you need to read this
On Tue, Jul 14, 2009 at 7:12 PM, Adam Langley a...@chromium.org wrote: * If you update your google-chrome-unstable packages and your development builds start hanging, sync to = 20710 * Details: The latest google-chrome packages contain a sandbox binary, which the development builds of chromium will pick up on automatically. However, for safety reasons, the sandbox binary will only exec a fixed chrome binary location. Since development builds will be somewhere else in the filesystem, this means that they will fail to start their zygote processes and generally be very sad. I've committed a change which changes the default path so that we won't pickup the system sandbox anyway. However, we /do/ want people developing with the sandbox, but we don't want the general sandbox binary to be able to exec anything. We could have chromium try and find its sandbox binary relative to the build directory, but some people build on NFS and, since the sandbox binary needs to be SUID, this won't work for them. So, there's now a GYP variable which will build a sandbox binary that doesn't enforce the path restriction, it only requires that the binary being run be owned by the current user and be non-SUID and non-GUID. Also, you can now select the sandbox binary to run with the environment variable CHROME_DEVEL_SANDBOX (iff the current binary is owned by the current real user). So, if you're developing on Linux, you should do the following: * Sync up to = 20710 * Edit build/common.gypi and change linux_suid_sandbox_restrictions from Path to User Does this part need to be sticky, or is it just to build the chrome-devel-sandbox ? If the former it is going to be painful. Antoine * build chrome_sandbox * sudo cp out/Debug/chrome_sandbox /usr/local/sbin/chrome-devel-sandbox * sudo chown root:root /usr/local/sbin/chrome-devel-sandbox * sudo chmod 4755 /usr/local/sbin/chrome-devel-sandbox * export CHROME_DEVEL_SANDBOX=/usr/local/sbin/chrome-devel-sandbox * Put the last line in your ~/.bashrc (or .zshenv etc) Cheers AGL -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? --~--~-~--~~~---~--~~ Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~--~~~~--~~--~--~---
[chromium-dev] Re: Linux developers: you need to read this
On Tue, Jul 14, 2009 at 8:09 PM, Jeremy Orlowjor...@chromium.org wrote: Also, will the try bots and build bots run with the sandbox on? No, the build-bots currently run without a sandbox. I agree this should probably be changed and it's on my TODO list. Unfortunately, it's a very long list right now. AGL --~--~-~--~~~---~--~~ Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~--~~~~--~~--~--~---
[chromium-dev] Re: Linux developers: you need to read this
On Tue, Jul 14, 2009 at 8:14 PM, Antoine Labourpi...@google.com wrote: Does this part need to be sticky, or is it just to build the chrome-devel-sandbox ? If the former it is going to be painful. You only need to build and install it once. AGL --~--~-~--~~~---~--~~ Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~--~~~~--~~--~--~---
[chromium-dev] Re: Linux developers: you need to read this
On Tue, Jul 14, 2009 at 8:19 PM, Adam Langley a...@chromium.org wrote: On Tue, Jul 14, 2009 at 8:14 PM, Antoine Labourpi...@google.com wrote: Does this part need to be sticky, or is it just to build the chrome-devel-sandbox ? If the former it is going to be painful. You only need to build and install it once. AGL I meant the change in common.gpyi. Once I built the chrome-devel-sandbox I can revert that file, right ? Antoine --~--~-~--~~~---~--~~ Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~--~~~~--~~--~--~---
[chromium-dev] Re: Linux developers: you need to read this
On Tue, Jul 14, 2009 at 8:21 PM, Antoine Labourpi...@google.com wrote: I meant the change in common.gpyi. Once I built the chrome-devel-sandbox I can revert that file, right ? Yes. AGL --~--~-~--~~~---~--~~ Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~--~~~~--~~--~--~---
[chromium-dev] Re: Linux developers: you need to read this
On Wed, Jul 15, 2009 at 02:12, Adam Langleya...@chromium.org wrote: * build chrome_sandbox I think the defines got messed up somewhere... http://codereview.chromium.org/149667 fixes it for me. Joel --~--~-~--~~~---~--~~ Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~--~~~~--~~--~--~---
[chromium-dev] Re: Linux developers: you need to read this
On Tue, Jul 14, 2009 at 8:50 PM, Joel Stanleyj...@jms.id.au wrote: I think the defines got messed up somewhere... Crap, yes. Thanks for that. Fixed. AGL --~--~-~--~~~---~--~~ Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~--~~~~--~~--~--~---