Clean out leftover bits of the path-based Linux SUID sandbox.
TEST=none BUG=none Review URL: http://codereview.chromium.org/181030 git-svn-id: http://src.chromium.org/svn/trunk/src/build@25019 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
This commit is contained in:
thestig@chromium.org
Родитель
884f7582fe
Коммит
a2133f3505
14
common.gypi
14
common.gypi
|
|
@ -98,25 +98,11 @@
|
||||||
|
|
||||||
'chromeos%': 0,
|
'chromeos%': 0,
|
||||||
|
|
||||||
# Set the restrictions on the SUID sandbox binary.
|
|
||||||
# Path: only exec the hard coded chrome binary path
|
|
||||||
# User: only exec binaries owned by the running user.
|
|
||||||
#
|
|
||||||
# Developers should read
|
|
||||||
# http://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment
|
|
||||||
'linux_suid_sandbox_restrictions%': 'Path',
|
|
||||||
|
|
||||||
# This is the location of the sandbox binary. Chrome looks for this before
|
# This is the location of the sandbox binary. Chrome looks for this before
|
||||||
# running the zygote process. If found, and SUID, it will be used to
|
# running the zygote process. If found, and SUID, it will be used to
|
||||||
# sandbox the zygote process and, thus, all renderer processes.
|
# sandbox the zygote process and, thus, all renderer processes.
|
||||||
'linux_sandbox_path%': '',
|
'linux_sandbox_path%': '',
|
||||||
|
|
||||||
# If |linux_suid_sandbox_restrictions|, above, is 'Path' then only a single
|
|
||||||
# path is allowed to be exec'ed by the sandbox for security reasons. That
|
|
||||||
# path is set here. It should be the final location of the Chromium binary
|
|
||||||
# on the system.
|
|
||||||
'linux_sandbox_chrome_path%': '/opt/google/chrome/chrome',
|
|
||||||
|
|
||||||
'conditions': [
|
'conditions': [
|
||||||
['OS=="linux"', {
|
['OS=="linux"', {
|
||||||
'conditions': [
|
'conditions': [
|
||||||
|
|
|
||||||
Загрузка…
Ссылка в новой задаче