Chromium Embedded Framework Forum

[rroy]

Hi Marshall,
My team has been using CEF to develop our product for quite some time. Now, to implement a new proposed feature we need to have sandboxed renderers. I am aware of the issue logged to track this feature (https://code.google.com/p/chromiumembed ... ail?id=524). However, it has not been updated for about 10 months now. Would it be possible for you to post an update for this work? My team is blocked on this as we cannot decide it CEF3 sandboxing will be available to us in time.

I am more than willing to contribute to the effort if it will speed things up. I saw another post where you mention that there are some assumptions in the implementation of sandboxing in chromium today that prevents it from being integrated into CEF3 as is. Could you throw some light on this? Going through the code for chromium I found that the TargetPolicy allows names pipes in the "chrome.*" namespace only. Is this the sort of constraint you were speaking of? Stepping though the code with "no-sandbox" disabled I see that the broker fails to launch child processes ("-type gpuprocess"/"-type renderer") as it encounters errors in initializing interceptions (fails in WriteProcessMemory in TargetProcess::TransferVariable(...)). Any hints on fixing thsese errors will be much appreciated. You must have realized by now that this is the first time I am actually mucking around in CEF's source code. If I cannot help you because of my inexperience or any other reason, I would at least like to get the sandbox running for just my product.

I hope I have got the right forum.

Thanks
rroy

[rroy]

http://magpcss.org/ceforum/viewtopic.php?f=10&t=10222 is the discussion about browser security I was referring to where you talking about assumptions about host executables.

Thanks
rroy

[magreenblatt]

I've updated the issue with additional information.