diff options
| author | markus@chromium.org <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-11-04 17:52:47 +0000 |
|---|---|---|
| committer | markus@chromium.org <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-11-04 17:52:47 +0000 |
| commit | e8c916abb296015f9b39c8684cb17be6023147e3 (patch) | |
| tree | 0b3d60785570c412ae40f241891faf5221fca9e0 /chrome/browser/zygote_host_linux.cc | |
| parent | a96ec6a0045c0b1926c9e4c553b67e42a43a430b (diff) | |
| download | chromium_src-e8c916abb296015f9b39c8684cb17be6023147e3.zip chromium_src-e8c916abb296015f9b39c8684cb17be6023147e3.tar.gz chromium_src-e8c916abb296015f9b39c8684cb17be6023147e3.tar.bz2 | |
Only enable the seccomp sandbox, if the machine actually has kernel support for
this feature, and if no other obstacle prevents us from enabling it.
Otherwise, we print a warning message and continue running without the sandbox.
This is not ideal, but given the non-trivial number of users who might not have
seccomp enabled by default, this seems the prudent approach.
BUG=26521
Review URL: http://codereview.chromium.org/341092
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@30966 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/zygote_host_linux.cc')
| -rw-r--r-- | chrome/browser/zygote_host_linux.cc | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/chrome/browser/zygote_host_linux.cc b/chrome/browser/zygote_host_linux.cc index aafaecc..00d082c 100644 --- a/chrome/browser/zygote_host_linux.cc +++ b/chrome/browser/zygote_host_linux.cc @@ -96,6 +96,9 @@ void ZygoteHost::Init(const std::string& sandbox_cmd) { browser_command_line.GetSwitchValue( switches::kEnableLogging)); } + if (browser_command_line.HasSwitch(switches::kEnableSeccompSandbox)) { + cmd_line.AppendSwitch(switches::kEnableSeccompSandbox); + } const char* sandbox_binary = sandbox_cmd.c_str(); struct stat st; |