path: root/docs/linux_suid_sandbox_development.md
author: andybons <andybons@chromium.org> 2015-08-30 19:27:44 -0700
committer: Commit bot <commit-bot@chromium.org> 2015-08-31 02:28:22 +0000
commit: ad92aa35752c2a1f3a0faad364f9b2d1cef83b91
tree: 443feee4987dc2390dbceedd3a292a276700b5c7 /docs/linux_suid_sandbox_development.md
parent: 22afb31800284923e9f84af6373f68ad6b241f4b
[Docs] Another round of stylistic fixes.
TBR=nodir
BUG=524256

Review URL: https://codereview.chromium.org/1324603002

Cr-Commit-Position: refs/heads/master@{#346335}
Diffstat (limited to 'docs/linux_suid_sandbox_development.md')
-rw-r--r-- docs/linux_suid_sandbox_development.md | 101
1 files changed, 61 insertions, 40 deletions
diff --git a/docs/linux_suid_sandbox_development.md b/docs/linux_suid_sandbox_development.md
index 950460d..4563a31 100644
--- a/docs/linux_suid_sandbox_development.md
+++ b/docs/linux_suid_sandbox_development.md
@@ -1,61 +1,82 @@
-(For context see [LinuxSUIDSandbox](http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox))
+# Linux SUID Sandbox Development
+
+For context see [LinuxSUIDSandbox](linux_suid_sandbox.md)
We need a SUID helper binary to turn on the sandbox on Linux.
-In most cases, you can run **build/update-linux-sandbox.sh** and it'll install the proper sandbox for you in /usr/local/sbin and tell you to update your .bashrc if needed.
+In most cases, you can run `build/update-linux-sandbox.sh` and it'll install
+the proper sandbox for you in `/usr/local/sbin` and tell you to update your
+`.bashrc` if needed.
+
+## Installation instructions for developers
+
+* If you have no setuid sandbox at all, you will see a message such as:
+
+ ```
+ Running without the SUID sandbox!
+ ```
-### Installation instructions for developers
+* If your setuid binary is out of date, you will get messages such as:
- * If you have no setuid sandbox at all, you will see a message such as:
-```
-Running without the SUID sandbox!
-```
- * If your setuid binary is out of date, you will get messages such as:
-```
-The setuid sandbox provides API version X, but you need Y
-```
-```
-You are using a wrong version of the setuid binary!
-```
+ ```
+ The setuid sandbox provides API version X, but you need Y
+ You are using a wrong version of the setuid binary!
+ ```
Run the script mentioned above, or do something such as:
- * Build chrome\_sandbox whenever you build chrome ("ninja -C xxx chrome chrome\_sandbox" instead of "ninja -C xxx chrome")
- * After building, run something similar to (or use the provided update-linux-sandbox.sh):
-```
-sudo cp out/Debug/chrome_sandbox /usr/local/sbin/chrome-devel-sandbox #needed if you build on NFS!
-sudo chown root:root /usr/local/sbin/chrome-devel-sandbox
-sudo chmod 4755 /usr/local/sbin/chrome-devel-sandbox
-```
+* Build `chrome_sandbox` whenever you build chrome
+ (`ninja -C xxx chrome chrome_sandbox` instead of `ninja -C xxx chrome`)
+* After building, run something similar to (or use the provided
+ `update-linux-sandbox.sh`):
- * Put this line in your ~/.bashrc (or .zshenv etc):
-```
-export CHROME_DEVEL_SANDBOX=/usr/local/sbin/chrome-devel-sandbox
-```
+ ```shell
+ # needed if you build on NFS!
+ sudo cp out/Debug/chrome_sandbox /usr/local/sbin/chrome-devel-sandbox
+ sudo chown root:root /usr/local/sbin/chrome-devel-sandbox
+ sudo chmod 4755 /usr/local/sbin/chrome-devel-sandbox
+ ```
-### Try bots and waterfall
+* Put this line in your `~/.bashrc` (or `.zshenv` etc):
-If you're installing a new bot, always install the setuid sandbox (the instructions are different than for developers, contact the Chrome troopers). If something does need to run without the setuid sandbox, use the --disable-setuid-sandbox command line flag.
+ ```
+ export CHROME_DEVEL_SANDBOX=/usr/local/sbin/chrome-devel-sandbox
+ ```
-The SUID sandbox must be enabled on the try bots and the waterfall. If you don't use it locally, things might appear to work for you, but break on the bots.
+## Try bots and waterfall
-(Note: as a temporary, stop gap measure, setting CHROME\_DEVEL\_SANDBOX to an empty string is equivalent to --disable-setuid-sandbox)
+If you're installing a new bot, always install the setuid sandbox (the
+instructions are different than for developers, contact the Chrome troopers). If
+something does need to run without the setuid sandbox, use the
+`--disable-setuid-sandbox` command line flag.
-### Disabling the sandbox
+The `SUID` sandbox must be enabled on the try bots and the waterfall. If you
+don't use it locally, things might appear to work for you, but break on the
+bots.
-If you are certain that you don't want the setuid sandbox, use --disable-setuid-sandbox. There should be very few cases like this.
-So if you're not absolutely sure, run with the setuid sandbox.
+(Note: as a temporary, stop gap measure, setting `CHROME_DEVEL_SANDBOX` to an
+empty string is equivalent to `--disable-setuid-sandbox`)
-### Installation instructions for "[Raw builds of Chromium](https://commondatastorage.googleapis.com/chromium-browser-continuous/index.html)"
+## Disabling the sandbox
+
+If you are certain that you don't want the setuid sandbox, use
+`--disable-setuid-sandbox`. There should be very few cases like this. So if
+you're not absolutely sure, run with the setuid sandbox.
+
+## Installation instructions for "[Raw builds of Chromium](https://commondatastorage.googleapis.com/chromium-browser-continuous/index.html)"
If you're using a "raw" build of Chromium, do the following:
-```
-sudo chown root:root chrome_sandbox && sudo chmod 4755 chrome_sandbox && export CHROME_DEVEL_SANDBOX="$PWD/chrome_sandbox"
-./chrome
-```
-You can also make such an installation more permanent by following the [steps above](#Installation_instructions_for_developers.md) and installing chrome\_sandbox to a more permanent location.
+ sudo chown root:root chrome_sandbox && sudo chmod 4755 chrome_sandbox && \
+ export CHROME_DEVEL_SANDBOX="$PWD/chrome_sandbox"
+ ./chrome
+
+You can also make such an installation more permanent by following the
+[steps above](#Installation-Instructions-for-developers) and installing
+`chrome_sandbox` to a more permanent location.
-### System-wide installations of Chromium
+## System-wide installations of Chromium
-The CHROME\_DEVEL\_SANDBOX variable is intended for developers and won't work for a system-wide installation of Chromium. Package maintainers should make sure the setuid binary is installed and defined in GYP as linux\_sandbox\_path. \ No newline at end of file
+The `CHROME_DEVEL_SANDBOX` variable is intended for developers and won't work
+for a system-wide installation of Chromium. Package maintainers should make sure
+the `setuid` binary is installed and defined in GYP as `linux_sandbox_path`.
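
Review bot: The link target near the end of the hunk, `#Installation-Instructions-for-developers`, capitalises "Instructions", while the heading this patch adds is `## Installation instructions for developers`; where the renderer derives case-sensitive anchors from the heading text, the "steps above" link will not resolve, so suggest `#Installation-instructions-for-developers`. Two smaller style points: `SUID` in "The `SUID` sandbox" and `setuid` in "the `setuid` binary" are set as code although they are ordinary terms rather than identifiers, and the same words are left unformatted elsewhere in the file ("setuid sandbox"); and the raw-builds commands move from a fenced block to an indented one while every other block in the file stays fenced, with only the `cp`/`chown`/`chmod` block tagged `shell`. Also worth confirming that merging the two "out of date" messages into a single block is intended, since the old text showed them as separate messages.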