+-------------------------------------------------------------------------------
| Running ${PKGSTEM} on OpenBSD
+-------------------------------------------------------------------------------
Chromium uses several mitigations on OpenBSD:
- each category of process uses pledge(2) to limit system call access
- each category of process uses unveil(2) to limit filesystem access.
Occasionally, some extensions may violate some pledge(2) specifications.
This will appear in syslog's /var/log/messages as
chromium[<pid>]: pledge "<name>", syscall <n>.
along with the more obvious "Oops" in chromium tabs.
Disabling pledge() or unveil() is not recommended!
THE FOLLOWING INFORMATION IS FOR DEBUG PURPOSES ONLY
- global pledge knob: invoke chromium with --no-sandbox
- specific pledge for specific processes:
${SYSCONFDIR}/chromium/pledge.*
- global unveil knob: invoke chromium with --disable-unveil
- specific unveil for specific processes:
${SYSCONFDIR}/chromium/unveil.*
Specific situations
-------------------
If you need to access files from alternative locations (for example
opening files in /var/www/htdocs directly in chromium), add the paths
to ${SYSCONFDIR}/chromium/unveil.main and merge with changes in files in
${PREFIX}/share/examples/chromium/ at update time.
webgl and 3d and acceleration support:
- some DRM supported cards are marked as unsupported by chromium
Using --ignore-gpu-blacklist may allow you to test
Interoperability with base window managers:
- some window managers do not have compositing support; for instance, fvwm.
In order to have decent graphic rendering, they should be supplemented by
a compositing manager. For instance, xcompmgr in base.
