diff options
-rw-r--r-- | nixos/doc/manual/configuration/grsecurity.xml | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/nixos/doc/manual/configuration/grsecurity.xml b/nixos/doc/manual/configuration/grsecurity.xml index 8387658f1e57..28415e89bfab 100644 --- a/nixos/doc/manual/configuration/grsecurity.xml +++ b/nixos/doc/manual/configuration/grsecurity.xml @@ -267,8 +267,8 @@ <itemizedlist> <listitem><para>User namespaces require <literal>CAP_SYS_ADMIN</literal>: consequently, unprivileged namespaces are unsupported. Applications that - rely on namespaces for sandboxing (e.g., chromium) must use a privileged - helper.</para></listitem> + rely on namespaces for sandboxing must use a privileged helper. For chromium + there is <option>security.chromiumSuidSandbox.enable</option>.</para></listitem> <listitem><para>Access to EFI runtime services is disabled by default: this plugs a potential code injection attack vector; use |