Linux.com

Home News Software Applications Tinnes: Introducing Chrome's Next-Generation Linux Sandbox

Tinnes: Introducing Chrome's Next-Generation Linux Sandbox

Julien Tinnes describes the new sandbox mechanism for the Chrome browser under Linux. "In a similar, but very limited, fashion, this is what we have now in Chrome: we stacked the seccomp-bpf sandbox on top of the setuid sandbox. The setuid sandbox gives a few easy to understand semantic properties: no file system access, no process access outside of the sandbox, no network access. It makes it much easier to layer a seccomp-bpf sandbox on top."

Read more at LWN
 

Comments

Subscribe to Comments Feed

Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Join / Linux Training / Board