Chromium + Capsicum
This wiki page describes how to check out and build the experimental extensions to the FreeBSD Chromium port. Note that this requires installing experimental kernel changes as well as a modified version of Chromium, and is not for the cautious.
Install FreeBSD 8.0
Install FreeBSD 8.0, and the subversion-freebsd port. While the capabilities8 branch tracks 8-STABLE, the only guaranteed upgrade path is from 8.0, as "downgrades" on 8-STABLE are not guaranteed.
Upgrade to capabilities8
Use subversion to check out the capabilities8 branch:
svn co http://svn.freebsd.org/base/projects/capabilities8 capabilities8
This will check out a source tree in the capabilities8 directory. Build world, build kernel with our sample config file CAPABILITIES, install kernel, reboot, mergemaster -p, installworld, reboot.
It is very important to reboot before installworld, as base system components in the capabilities8 branch, such as dhclient, gzip, and tcpdump, rely on new capability-related system calls to operate. make installworld will fail nastily if used on a kernel without capabilities support.
Check out and build Chromium
You will need to install the git port in order to check out our modified version of Chromium. Our repository includes the FreeBSD porting changes for the base Chromium components, so the below instructions are a modified version of those found on the Chromium wiki page.
First, make sure the icu package is not installed, as it will conflict with the one included with Chromium.
Next, download the patches for third-party components of the Chromium tree:
Install and configure gclient:
svn co http://gclient.googlecode.com/svn/trunk/ gclient
python gclient/gclient/gclient.py config http://src.chromium.org/svn/trunk/src
Check out the chromium-capsicum branch from git:
git clone git://github.com/rwatson/chromium-capsicum.git src
We have several branches in our git repo:
- trunk -- the Chromium baseline we work from, cloned from git.chromium.org
- chromium-freebsd -- trunk + Ben Laurie and Sprewell's FreeBSD port patches
- chromium-capsicum -- chromium-freebsd plus our Capsicum changes
You will want to select chromium-capsicum:
cd src ; git checkout chromium-capsicum ; cd ..
Sync the remainder of the tree; gclient should notice that git is being used to manage src and do the right thing:
python gclient/gclient/gclient.py sync --revision src@35870
All instructions that follow require you to be in the src directory:
Apply the patches for third-party components checked out by gclient:
patch -p0 < ../svndiffs-35870.patch
export GYP_GENERATORS=make && python build/gyp_chromium -D'OS=freebsd' -D'use_system_libxml=1' build/all.gyp --depth ./
gmake BUILDTYPE=Release chrome
mount -t procfs procfs /proc
mount -t fdescfs fdescfs /dev/fd
You can use procstat to check that some processes in Chromium are running in Capability mode:
% procstat -as | grep chrome
Look for processes with the 'C' flag in their credential, which indicates capability mode.
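The grep above leaves the flag check to the eye. The following is an added example, not part of the original page or the Capsicum project's code, that reports the capability-mode state of each chrome process. It assumes the procstat output has a header row naming PID, COMM and FLAGS columns; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report which processes with a
# given command name carry the 'C' (capability mode) credential flag.
# Assumption: `procstat -as` prints a header row naming PID, COMM and FLAGS
# columns, and COMM contains no spaces. Adjust if your build differs.

# Constructed sample input, not captured from a real system.
sample_procstat() {
    cat <<'EOF'
  PID COMM             EUID  RUID SVUID  EGID  RGID SVGID UMASK FLAGS GROUPS
 1201 chrome           1001  1001  1001  1001  1001  1001   022 -     1001,0
 1207 chrome           1001  1001  1001  1001  1001  1001   022 C     1001,0
 1209 chrome           1001  1001  1001  1001  1001  1001   022 C     1001,0
  977 sshd                0     0     0     0     0     0   022 -     0
EOF
}

# capmode_report NAME: read procstat credential output on stdin and print
# "<pid> capmode" or "<pid> no-capmode" for each process named NAME.
# Exits 2 if the header lacks the expected columns.
capmode_report() {
    awk -v name="$1" '
        NR == 1 {
            # Find columns by header name rather than by fixed position.
            for (i = 1; i <= NF; i++) col[$i] = i
            if (!(("PID" in col) && ("COMM" in col) && ("FLAGS" in col))) {
                print "unexpected header: " $0 > "/dev/stderr"
                exit 2
            }
            p = col["PID"]; c = col["COMM"]; f = col["FLAGS"]
            next
        }
        $c == name {
            print $p, (index($f, "C") ? "capmode" : "no-capmode")
        }
    '
}

# On the test machine: procstat -as | capmode_report chrome
sample_procstat | capmode_report chrome
```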