Kernel config options for Chrome's SUID sandbox
I've noticed that with the Liquorix kernel, Chrome reports that support for PID and network namespaces (used by Chrome's SUID sandbox) isn't available. According to phajdan-jr.blogspot.com/2011/05/chromium-linux-kernel-configuration.html, this is needed to make Chrome's SUID sandbox fully effective.
(Here's a screenshot of about:sandbox that shows this)

Debian's stock kernel supports this...

:: Code ::
$ cat /boot/config-3.0.0-1-amd64
[...]
CONFIG_PID_NS=y
CONFIG_NET_NS=y

...while Liquorix does not.

:: Code ::
$ cat /boot/config-2.6.39-4.dmz.1-liquorix-amd64
[...]
# CONFIG_PID_NS is not set
# CONFIG_NET_NS is not set

Why is PID/network namespace support enabled in the stock Debian kernel, and not in Liquorix? I don't know if there are any downsides to this, but would you kindly consider enabling PID/network namespace support in Liquorix?
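The check made by hand in the post above, as an added example that is not part of the original thread: a script that reads a kernel config file and reports whether CONFIG_PID_NS and CONFIG_NET_NS are enabled, explicitly disabled, or missing. The function names are hypothetical, the default path assumes the Debian-style /boot/config-$(uname -r) layout shown in the post, and gzip handling is included for compressed configs such as /proc/config.gz.

```shell
#!/bin/sh
# Added example: check the two namespace options discussed in the post.

# read_cfg FILE -> writes the config text to stdout (handles .gz files)
read_cfg() {
    case $1 in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

# ns_option_state FILE OPTION -> prints "enabled", "disabled" or "absent"
ns_option_state() {
    if read_cfg "$1" | grep "^$2=y\$" >/dev/null; then
        echo enabled            # OPTION=y
    elif read_cfg "$1" | grep "^# $2 is not set\$" >/dev/null; then
        echo disabled           # "# OPTION is not set"
    else
        echo absent             # option not mentioned in this config at all
    fi
}

# sandbox_ns_ok FILE -> returns 0 only if both options are built in
sandbox_ns_ok() {
    for opt in CONFIG_PID_NS CONFIG_NET_NS; do
        [ "$(ns_option_state "$1" "$opt")" = enabled ] || return 1
    done
}

# ns_report FILE -> one line per option
ns_report() {
    for opt in CONFIG_PID_NS CONFIG_NET_NS; do
        printf '%s: %s\n' "$opt" "$(ns_option_state "$1" "$opt")"
    done
}

# Default to the running kernel's config (assumed Debian-style path).
cfg=${1:-/boot/config-$(uname -r)}
if [ -r "$cfg" ]; then
    ns_report "$cfg"
fi
```

Pass a different config file as the first argument to compare kernels before installing one.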
Thanks for the notice. I'll make this change in the next kernels I build. This weekend I'll be working on the 3.0 kernel since Con finished porting his CK patches over to the new kernel.
EDIT: These features were disabled because I didn't know what used them, really as simple as that. Whenever someone presents to me a use case that doesn't hinder everyone else, I'll enable the feature for them.