+-------------------------------------------------------------------------------
| Running ${PKGSTEM} on OpenBSD
+-------------------------------------------------------------------------------
Chromium uses several mitigations on OpenBSD:
- each category of process uses pledge(2) to limit system call access
- each category of process uses unveil(2) to limit filesystem access.
Occasionally, some extensions may violate some pledge(2) specifications.
This will appear in syslog's /var/log/messages as
iridium[<pid>]: pledge "<name>", syscall <n>.
along with the more obvious "Oops" in iridium tabs.
Disabling pledge() or unveil() is not recommended!
THE FOLLOWING INFORMATION IS FOR DEBUG PURPOSES ONLY
- global pledge knob: invoke iridium with --no-sandbox
- specific pledge for specific processes:
${SYSCONFDIR}/iridium/pledge.*
- global unveil knob: invoke iridium with --disable-unveil
- specific unveil for specific processes:
${SYSCONFDIR}/iridium/unveil.*
Specific situations
-------------------
If you need to access files from alternative locations (for example
opening files in /var/www/htdocs directly in iridium), add the paths
to ${SYSCONFDIR}/iridium/unveil.main and merge with changes in files in
${PREFIX}/share/examples/iridium/ at update time.
webgl and 3d and acceleration support:
- some DRM supported cards are marked as unsupported by iridium
Using --ignore-gpu-blacklist may allow you to test
Interoperability with base window managers:
- some window managers do not have compositing support; for instance, fvwm.
In order to have decent graphic rendering, they should be supplemented by
a compositing manager. For instance, xcompmgr in base.
