diff options
author | Joachim Fasting <joachifm@fastmail.fm> | 2016-08-15 20:36:13 +0200 |
---|---|---|
committer | Joachim Fasting <joachifm@fastmail.fm> | 2016-08-15 20:36:47 +0200 |
commit | f9c3076e58595043d528a42e92dad49cd4e2e1d2 (patch) | |
tree | 60cb84279733ef04cc61cd116ea496d81d70663e | |
parent | 050b7eec1688c2c4cd3391aa673bed9398d3bf9f (diff) | |
download | nixpkgs-f9c3076e58595043d528a42e92dad49cd4e2e1d2.tar nixpkgs-f9c3076e58595043d528a42e92dad49cd4e2e1d2.tar.gz nixpkgs-f9c3076e58595043d528a42e92dad49cd4e2e1d2.tar.bz2 nixpkgs-f9c3076e58595043d528a42e92dad49cd4e2e1d2.tar.lz nixpkgs-f9c3076e58595043d528a42e92dad49cd4e2e1d2.tar.xz nixpkgs-f9c3076e58595043d528a42e92dad49cd4e2e1d2.tar.zst nixpkgs-f9c3076e58595043d528a42e92dad49cd4e2e1d2.zip |
grsecurity docs: mention chromium setuid sandbox
-rw-r--r-- | nixos/doc/manual/configuration/grsecurity.xml | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/nixos/doc/manual/configuration/grsecurity.xml b/nixos/doc/manual/configuration/grsecurity.xml index 8387658f1e5..28415e89bfa 100644 --- a/nixos/doc/manual/configuration/grsecurity.xml +++ b/nixos/doc/manual/configuration/grsecurity.xml @@ -267,8 +267,8 @@ <itemizedlist> <listitem><para>User namespaces require <literal>CAP_SYS_ADMIN</literal>: consequently, unprivileged namespaces are unsupported. Applications that - rely on namespaces for sandboxing (e.g., chromium) must use a privileged - helper.</para></listitem> + rely on namespaces for sandboxing must use a privileged helper. For chromium + there is <option>security.chromiumSuidSandbox.enable</option>.</para></listitem> <listitem><para>Access to EFI runtime services is disabled by default: this plugs a potential code injection attack vector; use |