about summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--nixos/doc/manual/configuration/grsecurity.xml4
1 files changed, 2 insertions, 2 deletions
diff --git a/nixos/doc/manual/configuration/grsecurity.xml b/nixos/doc/manual/configuration/grsecurity.xml
index 8387658f1e57..28415e89bfab 100644
--- a/nixos/doc/manual/configuration/grsecurity.xml
+++ b/nixos/doc/manual/configuration/grsecurity.xml
@@ -267,8 +267,8 @@
   <itemizedlist>
     <listitem><para>User namespaces require <literal>CAP_SYS_ADMIN</literal>:
     consequently, unprivileged namespaces are unsupported. Applications that
-    rely on namespaces for sandboxing (e.g., chromium) must use a privileged
-    helper.</para></listitem>
+    rely on namespaces for sandboxing must use a privileged helper. For chromium
+    there is <option>security.chromiumSuidSandbox.enable</option>.</para></listitem>
 
     <listitem><para>Access to EFI runtime services is disabled by default:
     this plugs a potential code injection attack vector; use
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-23 12:48:16 +0000