public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

grsecurity docs: mention chromium setuid sandbox

Browse Source
This commit is contained in:
Joachim Fasting 2016-08-15 20:36:13 +02:00
parent 050b7eec16
commit f9c3076e58
No known key found for this signature in database
GPG Key ID: 7544761007FE4E08
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
nixos/doc/manual/configuration/grsecurity.xml
View File

@ -267,8 +267,8 @@
<itemizedlist> <itemizedlist>
<listitem><para>User namespaces require <literal>CAP_SYS_ADMIN</literal>: <listitem><para>User namespaces require <literal>CAP_SYS_ADMIN</literal>:
consequently, unprivileged namespaces are unsupported. Applications that consequently, unprivileged namespaces are unsupported. Applications that
rely on namespaces for sandboxing (e.g., chromium) must use a privileged rely on namespaces for sandboxing must use a privileged helper. For chromium
helper.</para></listitem> there is <option>security.chromiumSuidSandbox.enable</option>.</para></listitem>
<listitem><para>Access to EFI runtime services is disabled by default: <listitem><para>Access to EFI runtime services is disabled by default:
this plugs a potential code injection attack vector; use this plugs a potential code injection attack vector; use