tag:blogger.com,1999:blog-8992811497323121233.post5666310492848076854..comments2023-11-14T02:17:43.929-08:00Comments on cr0 blog: Introducing Chrome's next-generation Linux sandboxUnknownnoreply@blogger.comBlogger6125tag:blogger.com,1999:blog-8992811497323121233.post-12504036070917489592012-09-15T11:53:06.224-07:002012-09-15T11:53:06.224-07:00If you look at the kernel ring buffer (dmesg), you...If you look at the kernel ring buffer (dmesg), you should see the address of the crash.<br /><br />The address is actually fake and the LSB indicates the syscall number.<br /><br />That being said stack traces are most useful.<br />If you don't mind enabling crash reporting, you can then go to about:crashes and see the ID to include with your bug report.<br /><br />Please file a bug at crbug.com with the information!<br /><br />Thanks!Julien Tinneshttps://www.blogger.com/profile/05636781178145883012noreply@blogger.comtag:blogger.com,1999:blog-8992811497323121233.post-68555114960593650212012-09-12T15:29:13.256-07:002012-09-12T15:29:13.256-07:00Getting quite a few reproducible crashes on specif...Getting quite a few reproducible crashes on specific pages with kernel 3.5.3, chromium 23.0.1262.0 (155673), which go away when I run with --disable-seccomp-filter-sandbox. What's the best way for me to debug this, and I'll submit a proper bug report with some decent information. Right now it just segfaults, and the sandbox prevents ptrace(), so I can't straightforwardly load the renderer in gdb.Jasonhttp://www.zx2c4.com/noreply@blogger.comtag:blogger.com,1999:blog-8992811497323121233.post-24038635659007454362012-09-08T15:27:05.955-07:002012-09-08T15:27:05.955-07:00Re FS namespaces: they are a hassle and would make...Re FS namespaces: they are a hassle and would make it difficult to give access to /dev/urandom but not the rest of /dev.<br /><br />Also setting this up requires privileges, and even more importantly, cleaning it up too, which makes it quite a hard problem.<br />For the setuid sandbox, even creating a temporary empty directory where we could chroot wasn't trivial (and we ended-up using /proc/self/fdinfo of a dead process).Julien Tinneshttps://www.blogger.com/profile/05636781178145883012noreply@blogger.comtag:blogger.com,1999:blog-8992811497323121233.post-50642622985700151592012-09-08T15:24:23.087-07:002012-09-08T15:24:23.087-07:00Re Ubuntu: no, Ubuntu 12.04 has a 3.2 kernel, but ...Re Ubuntu: no, Ubuntu 12.04 has a 3.2 kernel, but seccomp-bpf has been backported on it.Julien Tinneshttps://www.blogger.com/profile/05636781178145883012noreply@blogger.comtag:blogger.com,1999:blog-8992811497323121233.post-1489897575205115082012-09-07T14:50:39.314-07:002012-09-07T14:50:39.314-07:00For limiting access to certain directories, why no...For limiting access to certain directories, why not use file system namespaces instead of a broker?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8992811497323121233.post-9303179717429119972012-09-07T06:36:09.524-07:002012-09-07T06:36:09.524-07:00Good post. But, you may be referred to Ubuntu 12.1...Good post. But, you may be referred to Ubuntu 12.10?Anonymousnoreply@blogger.com