From: Yves-Alexis Perez <corsac@debian.org>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] The weird bug again: semid XXXXXX: semop failed for cookie 0xdeadbeef: incorrect semaphore state
Date: Wed, 17 Aug 2011 14:17:40 +0200 [thread overview]
Message-ID: <1313583460.6534.14.camel@oban> (raw)
In-Reply-To: <4E4BA673.9060000@redhat.com>
On mer., 2011-08-17 at 13:30 +0200, Milan Broz wrote:
> On 08/17/2011 12:48 PM, Milan Broz wrote:
> >> For chromium, it might be that the default sandboxing (setuid one)
> uses
> >> PID and network namespaces. Not sure why it'd mess with semaphores,
> but
> >> maybe there's something to look at there.
>
> It is apparently related to sandboxing, namely to using namespaces
> (You need kernel support for it to reproduce. See about:sandbox in
> chromium.)
>
> I would really like to know what crazy is chromium doing to global
> system.
>
> Despite I like the idea of sandboxing I have to ask
> why it is part of "browser" and not some separate package.
> What's next? Bundled kernel? :)
Because each tab is sandboxed. There's a seccomp sandbox available too.
>
> Also installing setuid /usr/lib64/chromium/chromium-sandbox ...
> Not even man page for it. Sigh...
See http://code.google.com/p/chromium/wiki/LinuxSandboxing
--
Yves-Alexis
next prev parent reply other threads:[~2011-08-17 12:17 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-08-16 20:45 [dm-crypt] The weird bug again: semid XXXXXX: semop failed for cookie 0xdeadbeef: incorrect semaphore state Thomas Bächler
2011-08-16 21:44 ` Milan Broz
2011-08-16 21:55 ` Thomas Bächler
2011-08-17 7:31 ` Milan Broz
2011-08-17 11:22 ` Alexander Koch
2011-08-17 10:43 ` Yves-Alexis Perez
2011-08-17 10:48 ` Milan Broz
2011-08-17 11:30 ` Milan Broz
2011-08-17 12:17 ` Yves-Alexis Perez [this message]
2011-08-18 8:56 ` Milan Broz
2011-08-18 9:56 ` Thomas Bächler
2011-08-18 10:25 ` Milan Broz
2011-08-22 11:51 ` Thomas Bächler
2011-08-23 10:01 ` Thomas Bächler
2011-08-23 11:51 ` Milan Broz
2011-09-16 6:33 ` Thomas Bächler
2011-11-03 15:32 ` Sebastian Steinhuber
2011-11-10 11:28 ` Milan Broz
2011-08-18 20:49 ` Yves-Alexis Perez
2011-08-16 22:12 ` Alexander Koch
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1313583460.6534.14.camel@oban \
--to=corsac@debian.org \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.