Chromium + Capsicum

This wiki page describes how to check out and build the experimental extensions to the FreeBSD Chromium port. Note that this requires installing experimental kernel changes as well as a modified version of Chromium, and is not for the cautious.

Install FreeBSD 8.0

Install FreeBSD 8.0, and the subversion-freebsd port. While the capabilities8 branch tracks 8-STABLE, the only guaranteed upgrade path is from 8.0, as "downgrades" on 8-STABLE are not guaranteed.

Upgrade to capabilities8

Use subversion to check out the capabilities8 branch:

svn co capabilities8

This will check out a source tree in the capabilities8 directory. Build world, build kernel with our sample config file CAPABILITIES, install kernel, reboot, mergemaster -p, installworld, reboot.

It is very important to reboot before installworld, as base system components in the capabilities8 branch, such as dhclient, gzip, and tcpdump rely on new capability-related system calls to operate. make installworld will fail nastily if used on a kernel without capabilities support.

Check out and build Chromium

You will need to install the git port in order to check out our modified version of Chromium. Our repository includes the FreeBSD porting changes for the base Chromium components, so the below instructions are a modified version of those found on the Chromium wiki page.

First, make sure the icu package is not installed, as it will conflict with the one included with Chromium.

Next, download the patches for third-party components of the Chromium tree:


Install and configure gclient:

svn co gclient
python gclient/gclient/ config

Check out the chromium-capsicum branch from git:

git clone git:// src

We have several branches in our git repo:

You will want to select chromium-capsicum:

cd src ; git checkout chromium-capsicum ; cd ..

Sync the remainder of the tree; gclient should notice that git is being used to manage src and DTRT:

python gclient/gclient/ sync --revision src@35870

All instructions that follow require you to be in the src directory:

cd src

Apply the patches for third-party components checked out by gclient:

patch -p0 < ../svndiffs-35870.patch

Build Chromium:

export GYP_GENERATORS make && python build/gyp_chromium -D'OS=freebsd' -D'use_system_libxml=1' build/all.gyp --depth ./
gmake BUILDTYPE=Release chrome

Mount fdescfs/procfs:

mount -t procfs procfs /proc
mount -t fdescfs fdescfs /dev/fd

Run Chromium:


You can use procstat to check that some processes in Chromium are running in Capability mode:

% procstat -as | grep chrome

Look for processes with the 'C' flag in their credential, which indicates capability mode.

Chromium/Capsicum (last edited 2016-08-18T09:56:29+0000 by KubilayKocak)