Linux: add support for SELinux.

This patch adds support for a selinux GYP variable which, when set to
one, does the following:
  * Removes the seccomp sandbox from the compile
  * Removes support for SUID sandboxing from the zygote
  * Performs a dynamic transition, in the zygote, to
    chromium_renderer_t.

This code requires that the system policy have a sensible set of
access vectors for the chromium_renderer_t type. Such a policy will be
found in sandbox/selinux in the future.

http://codereview.chromium.org/203071


git-svn-id: svn://svn.chromium.org/chrome/trunk/src@26257 0039d316-1c4b-4281-b951-d872f2087c98
diff --git a/build/common.gypi b/build/common.gypi
index aeb5d11..7b8ad12f 100644
--- a/build/common.gypi
+++ b/build/common.gypi
@@ -112,6 +112,9 @@
     # sandbox the zygote process and, thus, all renderer processes.
     'linux_sandbox_path%': '',
 
+    # Set this to true to enable SELinux support.
+    'selinux%': 0,
+
     'conditions': [
       ['OS=="linux"', {
         'conditions': [
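Review bot: The comment on the new 'selinux%' variable says "Set this to true", but the default is 0 and the condition added further down tests selinux==1, so it should read "Set this to 1 to enable SELinux support." The comment also leaves out the side effects listed in the commit message. Setting this variable removes the seccomp sandbox from the build and SUID sandbox support from the zygote, so renderer confinement then relies on the system policy for chromium_renderer_t. A line saying so next to the variable would keep anyone from enabling it on a system that lacks that policy.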
@@ -189,6 +192,9 @@
       ['chromeos==1', {
         'defines': ['OS_CHROMEOS=1'],
       }],
+      ['selinux==1', {
+        'defines': ['CHROMIUM_SELINUX=1'],
+      }],
       ['coverage!=0', {
         'conditions': [
           ['OS=="mac"', {
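Review bot: The 'selinux==1' block is added beside 'chromeos==1' and 'coverage!=0', and the latter has an OS=="mac" branch, so this condition list is not limited to Linux builds and CHROMIUM_SELINUX=1 would be defined on any platform where the variable is set. Since the commit message describes the feature as Linux-only, consider testing both, for example ['OS=="linux" and selinux==1', {, or moving the block under the existing OS=="linux" conditions, so that a stray selinux=1 on another platform cannot compile out sandbox code there.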