[sandbox] non permanent '-H'
Genes MailLists
lists at sapience.com
Tue May 24 15:33:05 UTC 2011
On 05/24/2011 11:17 AM, Daniel J Walsh wrote:
> Well chromium-browser is complaining about
>
> Failed to more to new PID namespace: Operation not permitted
>
> Even in permissive mode. I guess the problem is that chromium can not
> run within a sandbox.
>
> If you execute
>
> mkdir -p ~/sandbox/tmp
> mkdir -p ~/sandbox/home
> seunshare -t ~/sandbox/tmp -h ~/sandbox/home -- /usr/bin/chromium-browser
>
> You will get the error.
>
> I am not sure you can clone within a clone...
> --
>
Right, it doesn't work for sure - I had vague recollections of someone
(you, I think?) saying they might try to touch base with the Google folks
about coordinating to try to make the selinux sandbox work .. that was a few
months ago ... but don't remember when exactly ...