commit f9c3076e58595043d528a42e92dad49cd4e2e1d2

pyrox.dev / nixpkgs

lol

fork atom

grsecurity docs: mention chromium setuid sandbox

Joachim Fasting 9 years ago f9c3076e 050b7eec

+2 -2

1 changed file

expand all

unified split

nixos

doc

manual

configuration

grsecurity.xml

+2 -2

nixos/doc/manual/configuration/grsecurity.xml

··· 267 267 <itemizedlist> 268 268 <listitem><para>User namespaces require <literal>CAP_SYS_ADMIN</literal>: 269 269 consequently, unprivileged namespaces are unsupported. Applications that 270 - rely on namespaces for sandboxing (e.g., chromium) must use a privileged 271 - helper.</para></listitem> 270 + rely on namespaces for sandboxing must use a privileged helper. For chromium 271 + there is <option>security.chromiumSuidSandbox.enable</option>.</para></listitem> 272 272 273 273 <listitem><para>Access to EFI runtime services is disabled by default: 274 274 this plugs a potential code injection attack vector; use