diff options
| author | evan@chromium.org <evan@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-02-18 15:53:36 +0000 |
|---|---|---|
| committer | evan@chromium.org <evan@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-02-18 15:53:36 +0000 |
| commit | 1b5d28f06eb7ae16a8d956ba47612d9ed95986e5 (patch) | |
| tree | 66ddfb9eddce7baedf463c5cb5db81204b80f43a /chrome/browser/zygote_main_linux.cc | |
| parent | aeaf937b8a02b0a9b1c79e0e2f1d5f407313264c (diff) | |
| download | chromium_src-1b5d28f06eb7ae16a8d956ba47612d9ed95986e5.zip chromium_src-1b5d28f06eb7ae16a8d956ba47612d9ed95986e5.tar.gz chromium_src-1b5d28f06eb7ae16a8d956ba47612d9ed95986e5.tar.bz2 | |
Revert "linux: enable seccomp sandbox by default"
This reverts commit r39358.
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@39359 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/zygote_main_linux.cc')
| -rw-r--r-- | chrome/browser/zygote_main_linux.cc | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/chrome/browser/zygote_main_linux.cc b/chrome/browser/zygote_main_linux.cc index a526d97..009ba00d 100644 --- a/chrome/browser/zygote_main_linux.cc +++ b/chrome/browser/zygote_main_linux.cc @@ -607,8 +607,8 @@ bool ZygoteMain(const MainFunctionParams& params) { // The seccomp sandbox needs access to files in /proc, which might be denied // after one of the other sandboxes have been started. So, obtain a suitable // file handle in advance. - if (!CommandLine::ForCurrentProcess()->HasSwitch( - switches::kDisableSeccompSandbox)) { + if (CommandLine::ForCurrentProcess()->HasSwitch( + switches::kEnableSeccompSandbox)) { g_proc_fd = open("/proc", O_DIRECTORY | O_RDONLY); if (g_proc_fd < 0) { LOG(ERROR) << "WARNING! Cannot access \"/proc\". Disabling seccomp " @@ -629,16 +629,16 @@ bool ZygoteMain(const MainFunctionParams& params) { // already check if sufficient support is available so that we only need to // print one error message for the entire browser session. if (g_proc_fd >= 0 && - !CommandLine::ForCurrentProcess()->HasSwitch( - switches::kDisableSeccompSandbox)) { + CommandLine::ForCurrentProcess()->HasSwitch( + switches::kEnableSeccompSandbox)) { if (!SupportsSeccompSandbox(g_proc_fd)) { // There are a good number of users who cannot use the seccomp sandbox // (e.g. because their distribution does not enable seccomp mode by // default). While we would prefer to deny execution in this case, it // seems more realistic to continue in degraded mode. - LOG(FATAL) << "WARNING! This machine lacks support needed for the " - "Seccomp sandbox. Please report your system specs on " - "http://code.google.com/p/chromium/issues/detail?id=36133"; + LOG(ERROR) << "WARNING! This machine lacks support needed for the " + "Seccomp sandbox. Running renderers with Seccomp " + "sandboxing disabled."; } else { LOG(INFO) << "Enabling experimental Seccomp sandbox."; } |