## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

## Please use "/etc/permission-hardener.d/20_user.conf" or
## "/usr/local/etc/permission-hardener.d/20_user.conf" for your custom
## configuration. When security-misc-shared is updated, this file may be
## overwritten.

## Chrome/Chromium now uses namespace-based sandboxing rather than a SUID
## sandbox for most use cases, and while the SUID sandbox is still technically
## supported [1], it's also virtually unused [2]. Chromium still works fine
## when it is stripped of its SUID bit and rendered no longer executable,
## and opening `chrome://sandbox` while in this state shows that sandboxing is
## still working perfectly fine.
##
## [1] https://chromium.googlesource.com/chromium/src/+/0e94f26e8/docs/linux_sandboxing.md
## [2] https://chromium.googlesource.com/chromium/src/+/0e94f26e8/docs/linux_suid_sandbox.md
#chrome-sandbox matchwhitelist