From ad6d2c4304320a300009682901199278fabd3148 Mon Sep 17 00:00:00 2001
From: "agl@chromium.org"
 <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Tue, 15 Sep 2009 20:13:38 +0000
Subject: Linux: add support for SELinux.

This patch adds support for a selinux GYP variable which, when set to
one, does the following:
  * Removes the seccomp sandbox from the compile
  * Removes support for SUID sandboxing from the zygote
  * Performs a dynamic transition, in the zygote, to
    chromium_renderer_t.

This code requires that the system policy have a sensible set of
access vectors for the chromium_renderer_t type. Such a policy will be
found in sandbox/selinux in the future.

http://codereview.chromium.org/203071


git-svn-id: svn://svn.chromium.org/chrome/trunk/src@26257 0039d316-1c4b-4281-b951-d872f2087c98
---
 sandbox/sandbox.gyp | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'sandbox')

diff --git a/sandbox/sandbox.gyp b/sandbox/sandbox.gyp
index 186625f..5d5ebc5 100644
--- a/sandbox/sandbox.gyp
+++ b/sandbox/sandbox.gyp
@@ -7,7 +7,7 @@
     '../build/common.gypi',
   ],
   'conditions': [
-    [ 'OS=="linux"', {
+    [ 'OS=="linux" and selinux==0', {
       'targets': [
         {
           'target_name': 'chrome_sandbox',
@@ -69,6 +69,15 @@
         ]},
       ],
     }],
+    [ 'OS=="linux" and selinux==1', {
+      # GYP requires that each file have at least one target defined.
+      'targets': [
+        {
+          'target_name': 'sandbox',
+          'type': 'settings',
+        },
+      ],
+    }],
     [ 'OS=="win"', {
       'targets': [
         {
-- 
cgit v1.1