Add a constructor that takes only the "interesting" args (basically the args that...

[chromium-blink-merge.git] / sandbox / linux / selinux / README

This contains a basic and seemingly functional policy for Chromium. This policy
was written on FC12 and might not function on other distributions depending on
the version of the refpolicy installed.

When building Chromium with the GYP define selinux=1, the seccomp sandbox is
disabled and the zygote will perform a dynamic transition to chromium_renderer_t
after forking a renderer. The policy in this directory defines access vectors
for chromium_renderer_t.

To install:
  % make -f /usr/share/selinux/devel/Makefile
  % sudo /usr/sbin/semodule -i chromium-browser.pp