cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

pledge(2) the chromium processes;

Browse Source 
The renderer, gpu, plugin and utility processes are now using pledge(2)
Unfortunately the GPU process only requires an rpath pledge because of
Mesa trying to parse two configuration files, /etc/drirc and ${HOME}/.drirc
So currently the GPU process will use an rpath pledge in the next
week or so so that people can test, but this situation has to be
resolved because it is not acceptable that a mostly unused configuration
file is being parsed from a library and that stops us from using less
pledges and thus disallowing the GPU process to have read access
to the filsystem ... like your ssh keys.
This commit is contained in:
robert 2016-01-06 21:46:44 +00:00
parent 1120b75dee
commit 04526b1de6
11 changed files with 314 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
www/chromium/Makefile
View File

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.258 2015/12/28 09:53:27 robert Exp $ # $OpenBSD: Makefile,v 1.259 2016/01/06 21:46:44 robert Exp $
ONLY_FOR_ARCHS= i386 amd64 ONLY_FOR_ARCHS= i386 amd64
DPB_PROPERTIES= parallel DPB_PROPERTIES= parallel
@ -8,6 +8,7 @@ COMMENT= Chromium browser
V= 47.0.2526.106 V= 47.0.2526.106
DISTNAME= chromium-${V} DISTNAME= chromium-${V}
DISTFILES= ${DISTNAME}${EXTRACT_SUFX} DISTFILES= ${DISTNAME}${EXTRACT_SUFX}
REVISION= 0
CATEGORIES= www CATEGORIES= www

38
www/chromium/patches/patch-base_sys_info_openbsd_cc
View File

@ -1,15 +1,29 @@
$OpenBSD: patch-base_sys_info_openbsd_cc,v 1.7 2015/07/23 13:44:04 robert Exp $ $OpenBSD: patch-base_sys_info_openbsd_cc,v 1.8 2016/01/06 21:46:44 robert Exp $
--- base/sys_info_openbsd.cc.orig.port Wed Jul 22 08:42:13 2015 --- base/sys_info_openbsd.cc.orig.port Tue Dec 15 21:05:04 2015
+++ base/sys_info_openbsd.cc Wed Jul 22 08:42:21 2015 +++ base/sys_info_openbsd.cc Sun Jan 3 22:19:58 2016
@@ -44,11 +44,6 @@ int64 SysInfo::AmountOfPhysicalMemory() { @@ -26,6 +26,8 @@ int64 AmountOfMemory(int pages_name) {
namespace base {
+int64 aofpmem = 0;
+
// static
int SysInfo::NumberOfProcessors() {
int mib[] = { CTL_HW, HW_NCPU };
@@ -40,12 +42,11 @@ int SysInfo::NumberOfProcessors() {
// static
int64 SysInfo::AmountOfPhysicalMemory() {
- return AmountOfMemory(_SC_PHYS_PAGES);
-}
+ // pledge(2)
+ if (!aofpmem)
+ aofpmem = AmountOfMemory(_SC_PHYS_PAGES);
-// static
-int64 SysInfo::AmountOfAvailablePhysicalMemory() {
- return AmountOfMemory(_SC_AVPHYS_PAGES);
+ return aofpmem;
} }
// static // static
-int64 SysInfo::AmountOfAvailablePhysicalMemory() {
- return AmountOfMemory(_SC_AVPHYS_PAGES);
-}
-
-// static
uint64 SysInfo::MaxSharedMemorySize() {
int mib[] = { CTL_KERN, KERN_SHMINFO, KERN_SHMINFO_SHMMAX };
size_t limit;

78
www/chromium/patches/patch-content_common_sandbox_init_openbsd_cc Normal file
View File

@ -0,0 +1,78 @@
$OpenBSD: patch-content_common_sandbox_init_openbsd_cc,v 1.1 2016/01/06 21:46:44 robert Exp $
--- content/common/sandbox_init_openbsd.cc.orig.port Sun Jan 3 21:05:02 2016
+++ content/common/sandbox_init_openbsd.cc Wed Jan 6 20:57:58 2016
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 2016 Robert Nagy <robert@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "content/common/sandbox_init_openbsd.h"
+
+#include "base/command_line.h"
+#include "base/logging.h"
+#include "base/sys_info.h"
+#include "content/public/common/content_switches.h"
+#include "content/public/common/sandbox_init.h"
+
+namespace content {
+
+bool InitializeSandbox() {
+ const base::CommandLine& command_line =
+ *base::CommandLine::ForCurrentProcess();
+ if (command_line.HasSwitch(switches::kNoSandbox))
+ return false;
+
+ std::string process_type =
+ command_line.GetSwitchValueASCII(switches::kProcessType);
+ VLOG(1) << "InitializeSandbox() process_type=" << process_type;
+ if (process_type.empty()) {
+ // Browser process isn't sandboxed.
+ return false;
+ } else if (process_type == switches::kRendererProcess) {
+ // prot_exec needed by v8
+ // flock needed by sqlite3 locking
+ if (pledge("stdio rpath flock prot_exec sendfd", NULL) == -1) {
+ LOG(ERROR) << "pledge() failed, errno: " << errno;
+ _exit(1);
+ }
+ } else if (process_type == switches::kGpuProcess) {
+ if (pledge("stdio rpath drm prot_exec sendfd", NULL) == -1) {
+ LOG(ERROR) << "pledge() failed, errno: " << errno;
+ _exit(1);
+ }
+ } else if ((process_type == switches::kPluginProcess) ||
+ (process_type == switches::kPpapiPluginProcess)) {
+ // "cache" the amount of physical memory before pledge(2)
+ {
+ base::SysInfo::AmountOfPhysicalMemoryMB();
+ }
+ // prot_exec needed by v8
+ if (pledge("stdio prot_exec sendfd", NULL) == -1) {
+ LOG(ERROR) << "pledge() failed, errno: " << errno;
+ _exit(1);
+ }
+ } else if (process_type == switches::kUtilityProcess) {
+ if (pledge("stdio rpath cpath wpath fattr", NULL) == -1) {
+ LOG(ERROR) << "pledge() failed, errno: " << errno;
+ _exit(1);
+ }
+ } else {
+ return false;
+ }
+
+ return true;
+}
+
+} // namespace content

32
www/chromium/patches/patch-content_common_sandbox_init_openbsd_h Normal file
View File

@ -0,0 +1,32 @@
$OpenBSD: patch-content_common_sandbox_init_openbsd_h,v 1.1 2016/01/06 21:46:44 robert Exp $
--- content/common/sandbox_init_openbsd.h.orig.port Sun Jan 3 21:05:04 2016
+++ content/common/sandbox_init_openbsd.h Mon Jan 4 08:17:09 2016
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2016 Robert Nagy <robert@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef CONTENT_COMMON_SANDBOX_INIT_OPENBSD_H_
+#define CONTENT_COMMON_SANDBOX_INIT_OPENBSD_H_
+
+namespace content {
+
+// Initialize the sandbox for renderer, gpu, utility, worker, and plugin
+// processes, depending on the command line flags.
+bool InitializeSandbox();
+
+} // namespace content
+
+#endif // CONTENT_COMMON_SANDBOX_INIT_OPENBSD_H_

29
www/chromium/patches/patch-content_content_common_gypi
View File

@ -1,10 +1,21 @@
$OpenBSD: patch-content_content_common_gypi,v 1.25 2015/12/05 16:13:32 robert Exp $ $OpenBSD: patch-content_content_common_gypi,v 1.26 2016/01/06 21:46:44 robert Exp $
--- content/content_common.gypi.orig.port Tue Nov 24 21:00:55 2015 --- content/content_common.gypi.orig.port Tue Dec 15 21:05:11 2015
+++ content/content_common.gypi Wed Dec 2 08:18:32 2015 +++ content/content_common.gypi Sun Jan 3 20:48:02 2016
@@ -750,6 +750,34 @@ @@ -495,6 +495,8 @@
'common/resource_request_body.h',
'common/sandbox_init_mac.cc',
'common/sandbox_init_mac.h',
+ 'common/sandbox_init_openbsd.cc',
+ 'common/sandbox_init_openbsd.h',
'common/sandbox_init_win.cc',
'common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc',
'common/sandbox_linux/android/sandbox_bpf_base_policy_android.h',
@@ -748,6 +750,34 @@
'dependencies': [
'content.gyp:content_jni_headers',
'content.gyp:common_aidl', 'content.gyp:common_aidl',
], + ],
}], + }],
+ ['os_bsd==1', { + ['os_bsd==1', {
+ 'sources!': [ + 'sources!': [
+ 'common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc', + 'common/sandbox_linux/bpf_cros_arm_gpu_policy_linux.cc',
@ -31,8 +42,6 @@ $OpenBSD: patch-content_content_common_gypi,v 1.25 2015/12/05 16:13:32 robert Ex
+ 'common/sandbox_init_linux.cc', + 'common/sandbox_init_linux.cc',
+ 'common/sandbox_seccomp_bpf_linux.cc', + 'common/sandbox_seccomp_bpf_linux.cc',
+ 'common/sandbox_seccomp_bpf_linux.h', + 'common/sandbox_seccomp_bpf_linux.h',
+ ], ],
+ }], }],
['use_pango == 1', { ['use_pango == 1', {
'dependencies': [
'../build/linux/system.gyp:pangocairo',

87
www/chromium/patches/patch-content_gpu_gpu_main_cc
View File

@ -1,16 +1,29 @@
$OpenBSD: patch-content_gpu_gpu_main_cc,v 1.9 2015/12/05 16:13:32 robert Exp $ $OpenBSD: patch-content_gpu_gpu_main_cc,v 1.10 2016/01/06 21:46:44 robert Exp $
--- content/gpu/gpu_main.cc.orig.port Tue Nov 24 21:00:55 2015 --- content/gpu/gpu_main.cc.orig.port Tue Dec 15 21:05:11 2015
+++ content/gpu/gpu_main.cc Wed Dec 2 08:18:32 2015 +++ content/gpu/gpu_main.cc Sun Jan 3 20:50:31 2016
@@ -93,7 +93,7 @@ bool WarmUpSandbox(const base::CommandLine& command_li @@ -66,6 +66,10 @@
#include "content/common/sandbox_mac.h"
#endif
+#if defined(OS_BSD)
+#include "content/common/sandbox_init_openbsd.h"
+#endif
+
#if defined(OS_CHROMEOS) && defined(ARCH_CPU_X86_FAMILY)
#include "content/common/gpu/media/vaapi_wrapper.h"
#endif
@@ -93,8 +97,8 @@ bool WarmUpSandbox(const base::CommandLine& command_li
bool CollectGraphicsInfo(gpu::GPUInfo& gpu_info); bool CollectGraphicsInfo(gpu::GPUInfo& gpu_info);
#endif #endif
-#if defined(OS_LINUX) -#if defined(OS_LINUX)
-#if !defined(OS_CHROMEOS)
+#if defined(OS_LINUX) || defined(OS_BSD) +#if defined(OS_LINUX) || defined(OS_BSD)
#if !defined(OS_CHROMEOS) +#if !defined(OS_CHROMEOS) && !defined(OS_BSD)
bool CanAccessNvidiaDeviceFile(); bool CanAccessNvidiaDeviceFile();
#endif #endif
@@ -171,13 +171,13 @@ int GpuMain(const MainFunctionParams& parameters) { bool StartSandboxLinux(const gpu::GPUInfo&, GpuWatchdogThread*, bool);
@@ -171,13 +175,13 @@ int GpuMain(const MainFunctionParams& parameters) {
// Use a UI message loop because ANGLE and the desktop GL platform can // Use a UI message loop because ANGLE and the desktop GL platform can
// create child windows to render to. // create child windows to render to.
base::MessageLoop main_message_loop(base::MessageLoop::TYPE_UI); base::MessageLoop main_message_loop(base::MessageLoop::TYPE_UI);
@ -26,27 +39,28 @@ $OpenBSD: patch-content_gpu_gpu_main_cc,v 1.9 2015/12/05 16:13:32 robert Exp $
base::MessageLoop main_message_loop(base::MessageLoop::TYPE_DEFAULT); base::MessageLoop main_message_loop(base::MessageLoop::TYPE_DEFAULT);
#elif defined(OS_MACOSX) #elif defined(OS_MACOSX)
// This is necessary for CoreAnimation layers hosted in the GPU process to be // This is necessary for CoreAnimation layers hosted in the GPU process to be
@@ -249,6 +249,10 @@ int GpuMain(const MainFunctionParams& parameters) { @@ -237,7 +241,7 @@ int GpuMain(const MainFunctionParams& parameters) {
initialized_sandbox = true;
}
#endif // defined(OS_LINUX)
+#if defined(OS_BSD)
+ bool initialized_gl_context = false;
+ bool should_initialize_gl_context = false;
+#endif
base::TimeTicks before_initialize_one_off = base::TimeTicks::Now(); // Warm up resources that don't need access to GPUInfo.
if (WarmUpSandbox(command_line)) {
@@ -296,7 +300,7 @@ int GpuMain(const MainFunctionParams& parameters) { -#if defined(OS_LINUX)
+#if defined(OS_LINUX) || defined(OS_BSD)
bool initialized_sandbox = false;
bool initialized_gl_context = false;
bool should_initialize_gl_context = false;
@@ -296,9 +300,9 @@ int GpuMain(const MainFunctionParams& parameters) {
} }
#endif #endif
-#if defined(OS_LINUX) -#if defined(OS_LINUX)
+#if defined(OS_LINUX) || defined(OS_BSD) +#if defined(OS_LINUX) || defined(OS_BSD)
initialized_gl_context = true; initialized_gl_context = true;
#if !defined(OS_CHROMEOS) -#if !defined(OS_CHROMEOS)
+#if !defined(OS_CHROMEOS) && !defined(OS_BSD)
if (gpu_info.gpu.vendor_id == 0x10de && // NVIDIA if (gpu_info.gpu.vendor_id == 0x10de && // NVIDIA
@@ -335,14 +339,16 @@ int GpuMain(const MainFunctionParams& parameters) { gpu_info.driver_vendor == "NVIDIA" &&
!CanAccessNvidiaDeviceFile())
@@ -335,7 +339,7 @@ int GpuMain(const MainFunctionParams& parameters) {
watchdog_thread = NULL; watchdog_thread = NULL;
} }
@ -55,21 +69,46 @@ $OpenBSD: patch-content_gpu_gpu_main_cc,v 1.9 2015/12/05 16:13:32 robert Exp $
should_initialize_gl_context = !initialized_gl_context && should_initialize_gl_context = !initialized_gl_context &&
!dead_on_arrival; !dead_on_arrival;
+#if !defined(OS_BSD) @@ -343,6 +347,7 @@ int GpuMain(const MainFunctionParams& parameters) {
if (!initialized_sandbox) {
gpu_info.sandboxed = StartSandboxLinux(gpu_info, watchdog_thread.get(), gpu_info.sandboxed = StartSandboxLinux(gpu_info, watchdog_thread.get(),
should_initialize_gl_context); should_initialize_gl_context);
} }
+#endif +
#elif defined(OS_WIN) #elif defined(OS_WIN)
gpu_info.sandboxed = StartSandboxWindows(parameters.sandbox_info); gpu_info.sandboxed = StartSandboxWindows(parameters.sandbox_info);
#elif defined(OS_MACOSX) #elif defined(OS_MACOSX)
@@ -447,7 +453,7 @@ bool CollectGraphicsInfo(gpu::GPUInfo& gpu_info) { @@ -447,8 +452,8 @@ bool CollectGraphicsInfo(gpu::GPUInfo& gpu_info) {
} }
#endif #endif
-#if defined(OS_LINUX) -#if defined(OS_LINUX)
-#if !defined(OS_CHROMEOS)
+#if defined(OS_LINUX) || defined(OS_BSD) +#if defined(OS_LINUX) || defined(OS_BSD)
#if !defined(OS_CHROMEOS) +#if !defined(OS_CHROMEOS) && !defined(OS_BSD)
bool CanAccessNvidiaDeviceFile() { bool CanAccessNvidiaDeviceFile() {
bool res = true; bool res = true;
base::ThreadRestrictions::AssertIOAllowed();
@@ -506,6 +511,7 @@ bool StartSandboxLinux(const gpu::GPUInfo& gpu_info,
WarmUpSandboxNvidia(gpu_info, should_initialize_gl_context);
+#if !defined(OS_BSD)
if (watchdog_thread) {
// LinuxSandbox needs to be able to ensure that the thread
// has really been stopped.
@@ -525,11 +531,15 @@ bool StartSandboxLinux(const gpu::GPUInfo& gpu_info,
// LinuxSandbox::InitializeSandbox() must always be called
// with only one thread.
res = LinuxSandbox::InitializeSandbox();
+
if (watchdog_thread) {
base::Thread::Options options;
options.timer_slack = base::TIMER_SLACK_MAXIMUM;
watchdog_thread->StartWithOptions(options);
}
+#else
+ res = InitializeSandbox();
+#endif
return res;
}

21
www/chromium/patches/patch-content_ppapi_plugin_ppapi_thread_cc Normal file
View File

@ -0,0 +1,21 @@
$OpenBSD: patch-content_ppapi_plugin_ppapi_thread_cc,v 1.1 2016/01/06 21:46:44 robert Exp $
--- content/ppapi_plugin/ppapi_thread.cc.orig.port Sun Jan 3 21:02:51 2016
+++ content/ppapi_plugin/ppapi_thread.cc Sun Jan 3 21:03:15 2016
@@ -56,6 +56,8 @@
#include "sandbox/win/src/sandbox.h"
#elif defined(OS_MACOSX)
#include "content/common/sandbox_init_mac.h"
+#elif defined(OS_BSD)
+#include "content/common/sandbox_init_openbsd.h"
#endif
#if defined(OS_WIN)
@@ -442,7 +444,7 @@ void PpapiThread::OnLoadPlugin(const base::FilePath& p
return;
}
} else {
-#if defined(OS_MACOSX)
+#if defined(OS_MACOSX) || defined(OS_BSD)
// We need to do this after getting |PPP_GetInterface()| (or presumably
// doing something nontrivial with the library), else the sandbox
// intercedes.

21
www/chromium/patches/patch-content_renderer_renderer_main_cc Normal file
View File

@ -0,0 +1,21 @@
$OpenBSD: patch-content_renderer_renderer_main_cc,v 1.3 2016/01/06 21:46:44 robert Exp $
--- content/renderer/renderer_main.cc.orig.port Sun Jan 3 21:44:36 2016
+++ content/renderer/renderer_main.cc Sun Jan 3 21:44:58 2016
@@ -182,7 +182,7 @@ int RendererMain(const MainFunctionParams& parameters)
#endif
{
-#if defined(OS_WIN) || defined(OS_MACOSX)
+#if defined(OS_WIN) || defined(OS_MACOSX) || defined(OS_BSD)
// TODO(markus): Check if it is OK to unconditionally move this
// instruction down.
RenderProcessImpl render_process;
@@ -192,7 +192,7 @@ int RendererMain(const MainFunctionParams& parameters)
bool run_loop = true;
if (!no_sandbox)
run_loop = platform.EnableSandbox();
-#if defined(OS_POSIX) && !defined(OS_MACOSX)
+#if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_BSD)
RenderProcessImpl render_process;
RenderThreadImpl::Create(main_message_loop.Pass(),
renderer_scheduler.Pass());

26
www/chromium/patches/patch-content_renderer_renderer_main_platform_delegate_linux_cc
View File

@ -1,15 +1,29 @@
$OpenBSD: patch-content_renderer_renderer_main_platform_delegate_linux_cc,v 1.11 2015/03/18 19:26:29 robert Exp $ $OpenBSD: patch-content_renderer_renderer_main_platform_delegate_linux_cc,v 1.12 2016/01/06 21:46:44 robert Exp $
--- content/renderer/renderer_main_platform_delegate_linux.cc.orig.port Tue Mar 10 23:29:11 2015 --- content/renderer/renderer_main_platform_delegate_linux.cc.orig.port Fri Nov 13 12:04:18 2015
+++ content/renderer/renderer_main_platform_delegate_linux.cc Wed Mar 11 07:22:50 2015 +++ content/renderer/renderer_main_platform_delegate_linux.cc Sun Jan 3 18:46:20 2016
@@ -35,6 +35,7 @@ bool RendererMainPlatformDelegate::EnableSandbox() { @@ -10,7 +10,11 @@
#include "base/command_line.h"
#include "base/files/file_util.h"
#include "base/logging.h"
+#if defined(OS_OPENBSD)
+#include "content/common/sandbox_init_openbsd.h"
+#else
#include "content/common/sandbox_linux/sandbox_linux.h"
+#endif
#include "content/public/common/content_switches.h"
#include "content/public/common/sandbox_init.h"
@@ -35,6 +39,9 @@ bool RendererMainPlatformDelegate::EnableSandbox() {
// http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox // http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox
// //
// Anything else is started in InitializeSandbox(). // Anything else is started in InitializeSandbox().
+#if !defined(OS_BSD) +#if defined(OS_BSD)
+ InitializeSandbox();
+#else
LinuxSandbox::InitializeSandbox(); LinuxSandbox::InitializeSandbox();
// about:sandbox uses a value returned from LinuxSandbox::GetStatus() before // about:sandbox uses a value returned from LinuxSandbox::GetStatus() before
// any renderer has been started. // any renderer has been started.
@@ -61,6 +62,7 @@ bool RendererMainPlatformDelegate::EnableSandbox() { @@ -61,6 +68,7 @@ bool RendererMainPlatformDelegate::EnableSandbox() {
CHECK_EQ(errno, EPERM); CHECK_EQ(errno, EPERM);
} }
#endif // __x86_64__ #endif // __x86_64__

20
www/chromium/patches/patch-content_utility_utility_main_cc Normal file
View File

@ -0,0 +1,20 @@
$OpenBSD: patch-content_utility_utility_main_cc,v 1.1 2016/01/06 21:46:44 robert Exp $
--- content/utility/utility_main.cc.orig.port Sun Jan 3 19:17:08 2016
+++ content/utility/utility_main.cc Sun Jan 3 21:03:30 2016
@@ -9,6 +9,7 @@
#include "base/timer/hi_res_timer_manager.h"
#include "content/child/child_process.h"
#include "content/common/sandbox_linux/sandbox_linux.h"
+#include "content/common/sandbox_init_openbsd.h"
#include "content/public/common/content_switches.h"
#include "content/public/common/main_function_params.h"
#include "content/public/common/sandbox_init.h"
@@ -33,6 +34,8 @@ int UtilityMain(const MainFunctionParams& parameters)
// Seccomp-BPF policy.
if (parameters.zygote_child)
LinuxSandbox::InitializeSandbox();
+#elif defined(OS_BSD)
+ InitializeSandbox();
#endif
ChildProcess utility_process;

12
www/chromium/patches/patch-device_battery_battery_gyp Normal file
View File

@ -0,0 +1,12 @@
$OpenBSD: patch-device_battery_battery_gyp,v 1.1 2016/01/06 21:46:44 robert Exp $
--- device/battery/battery.gyp.orig.port Mon Jan 4 19:37:57 2016
+++ device/battery/battery.gyp Mon Jan 4 19:38:13 2016
@@ -123,7 +123,7 @@
'battery_status_manager_linux.cc',
],
}],
- ['OS == "linux" and use_dbus==1', {
+ ['(os_bsd==1 or OS == "linux") and use_dbus==1', {
'sources!': [
'battery_status_manager_default.cc',
],