diff options
| author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-09-15 20:13:38 +0000 |
|---|---|---|
| committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-09-15 20:13:38 +0000 |
| commit | ad6d2c4304320a300009682901199278fabd3148 (patch) | |
| tree | a85ecca65867c1a5696c7075a3def08525a496e2 /sandbox/sandbox.gyp | |
| parent | 2f4e8134c2a1d868eb4264dfb110cab5a94f43d7 (diff) | |
| download | chromium_src-ad6d2c4304320a300009682901199278fabd3148.zip chromium_src-ad6d2c4304320a300009682901199278fabd3148.tar.gz chromium_src-ad6d2c4304320a300009682901199278fabd3148.tar.bz2 | |
Linux: add support for SELinux.
This patch adds support for a selinux GYP variable which, when set to
one, does the following:
* Removes the seccomp sandbox from the compile
* Removes support for SUID sandboxing from the zygote
* Performs a dynamic transition, in the zygote, to
chromium_renderer_t.
This code requires that the system policy have a sensible set of
access vectors for the chromium_renderer_t type. Such a policy will be
found in sandbox/selinux in the future.
http://codereview.chromium.org/203071
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@26257 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox/sandbox.gyp')
| -rw-r--r-- | sandbox/sandbox.gyp | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/sandbox/sandbox.gyp b/sandbox/sandbox.gyp index 186625f..5d5ebc5 100644 --- a/sandbox/sandbox.gyp +++ b/sandbox/sandbox.gyp @@ -7,7 +7,7 @@ '../build/common.gypi', ], 'conditions': [ - [ 'OS=="linux"', { + [ 'OS=="linux" and selinux==0', { 'targets': [ { 'target_name': 'chrome_sandbox', @@ -69,6 +69,15 @@ ]}, ], }], + [ 'OS=="linux" and selinux==1', { + # GYP requires that each file have at least one target defined. + 'targets': [ + { + 'target_name': 'sandbox', + 'type': 'settings', + }, + ], + }], [ 'OS=="win"', { 'targets': [ { |