Gentoo Forums
chromium on gentoo-hardened CONFIG_GRKERNSEC breaks sandbox
erg_samowzbudnik
n00b

Joined: 09 Sep 2011
Posts: 50
Location: uk/sticks

Posted: Sat Jul 01, 2017 12:27 pm    Post subject: chromium on gentoo-hardened CONFIG_GRKERNSEC breaks sandbox

Hi all,

Compiling chromium-59.0.3071.104, I'm getting a warning:

CONFIG_GRKERNSEC breaks sandbox (bug #613668)
* Please check to make sure these options are set correctly.
* Failure to do so may cause unexpected problems.

I fail to find any info on this bug. Should I be worried?

cheers
rob_dot_p
n00b

Joined: 28 Jan 2017
Posts: 30

Posted: Sat Jul 01, 2017 3:22 pm

Grsec doesn't allow user namespaces.
You'll have to compile with the suid USE flag enabled.

Running Chromium with CONFIG_GRKERNSEC and suid enabled:
https://i.imgur.com/hO7PPQR.png
erg_samowzbudnik
n00b

Joined: 09 Sep 2011
Posts: 50
Location: uk/sticks

Posted: Sat Jul 01, 2017 4:34 pm

Thanks for the prompt reply.

I did compile chromium with suid USE flag enabled though and yet got the warning.

What am I doing wrong?
Ant P.
Watchman

Joined: 18 Apr 2009
Posts: 5761

Posted: Sat Jul 01, 2017 6:52 pm

Chromium always has the container-based sandbox enabled, so you'll get that warning either way; it'll just fall back to the less secure suid one at runtime.
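The decision described in the replies above, as an added example that is not part of the thread or of the chromium ebuild: given a kernel config and the mode and owner of the setuid helper, it reports whether the namespace sandbox, the suid fallback, or neither is available. The function names are hypothetical, the config and helper paths must be supplied by the caller, and the list of namespace options (CONFIG_USER_NS, CONFIG_PID_NS, CONFIG_NET_NS) is an assumption about what the namespace sandbox needs.

```shell
#!/bin/sh
# Added example (not from the thread). Follows the replies above: a
# grsecurity kernel rules out the namespace sandbox, so the setuid
# helper is the only fallback left.

# True if OPTION is built in (=y) in a plain-text kernel config FILE.
config_has() {
    grep -q "^$2=y\$" "$1"
}

# True if MODE (octal, as printed by `stat -c %a`) has the setuid bit
# and OWNER_UID is 0, i.e. the helper really runs as root.
is_suid_root() {
    case "$1" in
        [4567][0-7][0-7][0-7]) [ "$2" = "0" ] ;;
        *) return 1 ;;
    esac
}

# classify_sandbox CONFIG_FILE HELPER_MODE HELPER_UID
# Prints one of: namespace | suid | none
classify_sandbox() {
    cfg=$1
    if config_has "$cfg" CONFIG_USER_NS &&
       config_has "$cfg" CONFIG_PID_NS &&
       config_has "$cfg" CONFIG_NET_NS &&
       ! config_has "$cfg" CONFIG_GRKERNSEC; then
        echo namespace
    elif is_suid_root "$2" "$3"; then
        echo suid
    else
        echo none
    fi
}

# check_host CONFIG_FILE HELPER_PATH: same decision for real files.
# Uses GNU stat; a missing helper is treated as "no setuid helper".
check_host() {
    if [ -e "$2" ]; then
        set -- "$1" $(stat -c '%a %u' "$2")
    else
        set -- "$1" 000 -1
    fi
    classify_sandbox "$@"
}

# Usage: sh thisfile KERNEL_CONFIG HELPER_PATH
if [ $# -eq 2 ]; then check_host "$1" "$2"; fi
```

A result of "none" on a grsecurity kernel means the browser was built or installed without a root-owned setuid helper, which matches the case the second reply warns about.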
erg_samowzbudnik
n00b

Joined: 09 Sep 2011
Posts: 50
Location: uk/sticks

Posted: Sat Jul 01, 2017 6:57 pm

Alright then, that explains it.

Thanks a lot
All times are GMT