Linux: move hardcoded paths to GYP variables.

This patch removes the hardcoded paths for the sandbox binary location
and the chrome binary location for the sandbox. Instead, you can now
set GYP variables for these things. Indeed, you have to set a GYP
variable in order to use the sandbox now.

GYP variables can be set on the command line, if you run gyp.py
directly, with -D key=value. Or you can export GYP_DEFINES="key=value
key2=value2".

Now, in order to use the sandbox you should set:
  linux_sandbox_path=/opt/google/chrome/chrome-sandbox
  linux_sandbox_chrome_path=/opt/google/chrome/chrome

(changing the paths as needed, of course). See the comments in
build/common.gypi

For development see
  http://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment

Because developers need to setup a special sandbox binary.

http://codereview.chromium.org/149689


git-svn-id: svn://svn.chromium.org/chrome/trunk/src@20801 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 12 insertions, 1 deletions

diff --git a/build/common.gypi b/build/common.gypi
index 4cd33e1..c19713b 100644
--- a/build/common.gypi
+++ b/build/common.gypi
@@ -90,7 +90,18 @@
     #
     # Developers should read
     #  http://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment
-    'linux_suid_sandbox_restrictions': 'Path',
+    'linux_suid_sandbox_restrictions%': 'Path',
+
+    # This is the location of the sandbox binary. Chrome looks for this before
+    # running the zygote process. If found, and SUID, it will be used to
+    # sandbox the zygote process and, thus, all renderer processes.
+    'linux_sandbox_path%': '',
+
+    # If |linux_suid_sandbox_restrictions|, above, is 'Path' then only a single
+    # path is allowed to be exec'ed by the sandbox for security reasons. That
+    # path is set here. It should be the final location of the Chromium binary
+    # on the system.
+    'linux_sandbox_chrome_path%': '/opt/google/chrome/chrome',
   },
   'target_defaults': {
     'conditions': [