沙箱:受控的運行環境 ,不限制CPU和內存

沙箱化進程被禁用了所有系統調用,只能使用瀏覽器內核API

using-the-google-chrome-sandbox

new-approach-to-browser-security-google

Sandbox-design documents

Sandbox-FAQ

Chrome只把渲染引擎放入沙箱,沒有放插件

(In Chromium, the renderer processes are sandboxed and have this protection. Plugins for Chromium do not yet run inside the sandbox, because many are designed with the assumption that they have full access to the local system. Also note that Chromium renderer processes are isolated from the system, but not yet from the web. Therefore, domain-based data isolation is not yet provided).

通過更高級別的瀏覽器主進程來完成沙盒化進程的功能

A more privileged process can use these channels to do certain actions on behalf of the sandboxed process. In Chromium, the privileged process is usually the browser process.

單獨使用沙箱:將進程分為兩部分(進程),一部分提供可信服務,另一部分放入沙箱

The sandbox does not have any hard dependencies on the Chromium browser and was designed to be used with other Internet-facing applications.?The main hurdle is that you have to split your application into at least two interacting processes. One of the processes is privileged and does I/O and interacts with the user; the other is not privileged at all and does untrusted data processing.

與50位技術專家面對面20年技術見證，附贈技術全景圖

總結

以上是生活随笔為你收集整理的沙箱(Sandbox)的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。