diff options
| author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-09-15 20:13:38 +0000 |
|---|---|---|
| committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-09-15 20:13:38 +0000 |
| commit | ad6d2c4304320a300009682901199278fabd3148 (patch) | |
| tree | a85ecca65867c1a5696c7075a3def08525a496e2 /build/common.gypi | |
| parent | 2f4e8134c2a1d868eb4264dfb110cab5a94f43d7 (diff) | |
| download | chromium_src-ad6d2c4304320a300009682901199278fabd3148.zip chromium_src-ad6d2c4304320a300009682901199278fabd3148.tar.gz chromium_src-ad6d2c4304320a300009682901199278fabd3148.tar.bz2 | |
Linux: add support for SELinux.
This patch adds support for a selinux GYP variable which, when set to
one, does the following:
* Removes the seccomp sandbox from the compile
* Removes support for SUID sandboxing from the zygote
* Performs a dynamic transition, in the zygote, to
chromium_renderer_t.
This code requires that the system policy have a sensible set of
access vectors for the chromium_renderer_t type. Such a policy will be
found in sandbox/selinux in the future.
http://codereview.chromium.org/203071
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@26257 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'build/common.gypi')
| -rw-r--r-- | build/common.gypi | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/build/common.gypi b/build/common.gypi index aeb5d11..7b8ad12 100644 --- a/build/common.gypi +++ b/build/common.gypi @@ -112,6 +112,9 @@ # sandbox the zygote process and, thus, all renderer processes. 'linux_sandbox_path%': '', + # Set this to true to enable SELinux support. + 'selinux%': 0, + 'conditions': [ ['OS=="linux"', { 'conditions': [ @@ -189,6 +192,9 @@ ['chromeos==1', { 'defines': ['OS_CHROMEOS=1'], }], + ['selinux==1', { + 'defines': ['CHROMIUM_SELINUX=1'], + }], ['coverage!=0', { 'conditions': [ ['OS=="mac"', { |