chromium/src
0
Fork 0
Code Activity

Ozone: Improve sandboxing documentation

Browse Source 
The Linux SUID sandbox is going to be removed [1]. Also, it may not
necessary to disable it to run Ozone builds. Instead of repeating
the command line parameter --disable-setuid-sandbox everywhere, the
documentation is changed to point to the general Sandboxing page.

BUG=None

[1] https://bugs.chromium.org/p/chromium/issues/detail?id=312380

Review-Url: https://codereview.chromium.org/2480293011
Cr-Commit-Position: refs/heads/master@{#431226}
This commit is contained in:
fwang
2016-11-10 01:48:27 -08:00
committed by Commit bot
parent 0e33dadcaf
commit 399b51c074
1 changed files with 9 additions and 13 deletions

22
docs/ozone_overview.md

@@ -130,7 +130,7 @@ ninja -C out/OzoneChromeOS chrome
Then to run for example the X11 platform: Then to run for example the X11 platform:
``` shell ``` shell
./out/OzoneChromeOS/chrome --ozone-platform=x11 --disable-setuid-sandbox ./out/OzoneChromeOS/chrome --ozone-platform=x11
``` ```
### Embedded ### Embedded
@@ -155,8 +155,7 @@ ninja -C out/OzoneEmbedded content_shell
Then to run for example the headless platform: Then to run for example the headless platform:
``` shell ``` shell
./out/OzoneEmbedded/content_shell --disable-setuid-sandbox \ ./out/OzoneEmbedded/content_shell --ozone-platform=headless \
--ozone-platform=headless \
--ozone-dump-file=/tmp/ --ozone-dump-file=/tmp/
``` ```
@@ -178,7 +177,6 @@ Then to run for example the X11 platform:
``` shell ``` shell
./out/OzoneLinuxDesktop/chrome --ozone-platform=x11 \ ./out/OzoneLinuxDesktop/chrome --ozone-platform=x11 \
--disable-setuid-sandbox \
--mash --mash
``` ```
@@ -202,12 +200,10 @@ by default.
## Running with Ozone ## Running with Ozone
Specify the platform you want to use at runtime using the `--ozone-platform` Specify the platform you want to use at runtime using the `--ozone-platform`
flag. Disabling the setuid sandbox may be required during development. flag. For example, to run `content_shell` with the GBM platform:
For example, to run content_shell with the GBM platform:
``` shell ``` shell
content_shell --disable-setuid-sandbox --ozone-platform=gbm content_shell --ozone-platform=gbm
``` ```
Caveats: Caveats:
@@ -215,6 +211,8 @@ Caveats:
* `content_shell` always runs at 800x600 resolution. * `content_shell` always runs at 800x600 resolution.
* For the GBM platform, you may need to terminate your X server (or any other * For the GBM platform, you may need to terminate your X server (or any other
display server) prior to testing. display server) prior to testing.
* During development, you may need to configure
[sandboxing](linux_sandboxing.md) or to disable it.
## Ozone Platforms ## Ozone Platforms
@@ -228,8 +226,7 @@ by specifying `--ozone-dump-file=/path/to/output-directory` on the
command line: command line:
``` shell ``` shell
content_shell --disable-setuid-sandbox \ content_shell --ozone-platform=headless \
--ozone-platform=headless \
--ozone-dump-file=/tmp/ --ozone-dump-file=/tmp/
``` ```
@@ -270,8 +267,7 @@ following commands:
gn args out/OzoneWayland --args="use_ozone=true enable_package_mash_services=true" gn args out/OzoneWayland --args="use_ozone=true enable_package_mash_services=true"
ninja -C out/OzoneWayland chrome ninja -C out/OzoneWayland chrome
./out/OzoneWayland/chrome --ozone-platform=wayland \ ./out/OzoneWayland/chrome --ozone-platform=wayland \
--mash \ --mash
--disable-setuid-sandbox
``` ```
### Caca ### Caca
@@ -298,7 +294,7 @@ with the following commands:
gn args out/OzoneCaca \ gn args out/OzoneCaca \
--args="use_ozone=true ozone_platform_caca=true use_sysroot=false ozone_auto_platforms=false toolkit_views=false" --args="use_ozone=true ozone_platform_caca=true use_sysroot=false ozone_auto_platforms=false toolkit_views=false"
ninja -C out/OzoneCaca content_shell ninja -C out/OzoneCaca content_shell
./out/OzoneCaca/content_shell --disable-setuid-sandbox ./out/OzoneCaca/content_shell
``` ```
Note: traditional TTYs are not the ideal browsing experience.<br/> Note: traditional TTYs are not the ideal browsing experience.<br/>