mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-01-02 02:53:55 +00:00
d5c2b35b82
This enables legacy seccomp sandbox by default even on chromium 22, because the BPF sandbox is still work in progress, please see: http://crbug.com/139872 http://crbug.com/130662 Because the BPF seccomp sandbox is used in case the legacy seccomp mode initialization fails, we might need to patch this again, as soon as the BPF sandbox is fully implemented to fall back to legacy seccomp and use BPF by default. We now have two patches for "default to seccomp" - one for Chromium 21 and one for 22 or higher.
21 lines
788 B
Diff
21 lines
788 B
Diff
diff --git a/content/common/sandbox_linux.cc b/content/common/sandbox_linux.cc
|
|
index d4618e5..108f846 100644
|
|
--- a/content/common/sandbox_linux.cc
|
|
+++ b/content/common/sandbox_linux.cc
|
|
@@ -38,15 +38,9 @@ void LogSandboxStarted(const std::string& sandbox_name) {
|
|
// Implement the command line enabling logic for seccomp-legacy.
|
|
bool IsSeccompLegacyDesired() {
|
|
#if defined(SECCOMP_SANDBOX)
|
|
-#if defined(NDEBUG)
|
|
- // Off by default; allow turning on with a switch.
|
|
- return CommandLine::ForCurrentProcess()->HasSwitch(
|
|
- switches::kEnableSeccompSandbox);
|
|
-#else
|
|
// On by default; allow turning off with a switch.
|
|
return !CommandLine::ForCurrentProcess()->HasSwitch(
|
|
switches::kDisableSeccompSandbox);
|
|
-#endif // NDEBUG
|
|
#endif // SECCOMP_SANDBOX
|
|
return false;
|
|
}
|