43 lines
1.7 KiB
Text
43 lines
1.7 KiB
Text
+-------------------------------------------------------------------------------
|
|
| Running ${PKGSTEM} on OpenBSD
|
|
+-------------------------------------------------------------------------------
|
|
|
|
Chromium uses several mitigations on OpenBSD:
|
|
|
|
- each category of process uses pledge(2) to limit system call access
|
|
- each category of process uses unveil(2) to limit filesystem access.
|
|
|
|
Occasionally, some extensions may violate some pledge(2) specifications.
|
|
This will appear in syslog's /var/log/messages as
|
|
|
|
chromium[<pid>]: pledge "<name>", syscall <n>.
|
|
|
|
along with the more obvious "Oops" in chromium tabs.
|
|
|
|
Disabling pledge() or unveil() is not recommended!
|
|
|
|
THE FOLLOWING INFORMATION IS FOR DEBUG PURPOSES ONLY
|
|
|
|
- global pledge knob: invoke chromium with --no-sandbox
|
|
- specific pledge for specific processes:
|
|
${SYSCONFDIR}/chromium/pledge.*
|
|
|
|
- global unveil knob: invoke chromium with --disable-unveil
|
|
- specific unveil for specific processes:
|
|
${SYSCONFDIR}/chromium/unveil.*
|
|
|
|
Specific situations
|
|
-------------------
|
|
If you need to access files from alternative locations (for example
|
|
opening files in /var/www/htdocs directly in chromium), add the paths
|
|
to ${SYSCONFDIR}/chromium/unveil.main and merge with changes in files in
|
|
${PREFIX}/share/examples/chromium/ at update time.
|
|
|
|
webgl and 3d and acceleration support:
|
|
- some DRM supported cards are marked as unsupported by chromium
|
|
Using --ignore-gpu-blacklist may allow you to test
|
|
|
|
Interoperability with base window managers:
|
|
- some window managers do not have compositing support; for instance, fvwm.
|
|
In order to have decent graphic rendering, they should be supplemented by
|
|
a compositing manager. For instance, xcompmgr in base.
|