linux: enable seccomp sandbox by default

This is an experiment. Hopefully it will flush out problems. Use --disable-seccomp-sandbox to turn it off. BUG=36133 Review URL: http://codereview.chromium.org/647017 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@39358 0039d316-1c4b-4281-b951-d872f2087c98
author: evan@chromium.org <evan@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2010-02-18 15:25:55 +0000
committer: evan@chromium.org <evan@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2010-02-18 15:25:55 +0000
commit: aeaf937b8a02b0a9b1c79e0e2f1d5f407313264c (patch)
tree: 8c9978289be80a397c02e3f6a0bc8b69e2833cfa /chrome/browser/zygote_main_linux.cc
parent: ecbf10d164fd0a5e622a466044400e0feca4aa1d (diff)
download: chromium_src-aeaf937b8a02b0a9b1c79e0e2f1d5f407313264c.zip
chromium_src-aeaf937b8a02b0a9b1c79e0e2f1d5f407313264c.tar.gz
chromium_src-aeaf937b8a02b0a9b1c79e0e2f1d5f407313264c.tar.bz2
1 files changed, 7 insertions, 7 deletions
diff --git a/chrome/browser/zygote_main_linux.cc b/chrome/browser/zygote_main_linux.cc
index 009ba00d..a526d97 100644
--- a/chrome/browser/zygote_main_linux.cc
+++ b/chrome/browser/zygote_main_linux.cc
@@ -607,8 +607,8 @@ bool ZygoteMain(const MainFunctionParams& params) {
   // The seccomp sandbox needs access to files in /proc, which might be denied
   // after one of the other sandboxes have been started. So, obtain a suitable
   // file handle in advance.
-  if (CommandLine::ForCurrentProcess()->HasSwitch(
-          switches::kEnableSeccompSandbox)) {
+  if (!CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kDisableSeccompSandbox)) {
     g_proc_fd = open("/proc", O_DIRECTORY | O_RDONLY);
     if (g_proc_fd < 0) {
       LOG(ERROR) << "WARNING! Cannot access \"/proc\". Disabling seccomp "
@@ -629,16 +629,16 @@ bool ZygoteMain(const MainFunctionParams& params) {
   // already check if sufficient support is available so that we only need to
   // print one error message for the entire browser session.
   if (g_proc_fd >= 0 &&
-      CommandLine::ForCurrentProcess()->HasSwitch(
-          switches::kEnableSeccompSandbox)) {
+      !CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kDisableSeccompSandbox)) {
     if (!SupportsSeccompSandbox(g_proc_fd)) {
       // There are a good number of users who cannot use the seccomp sandbox
       // (e.g. because their distribution does not enable seccomp mode by
       // default). While we would prefer to deny execution in this case, it
       // seems more realistic to continue in degraded mode.
-      LOG(ERROR) << "WARNING! This machine lacks support needed for the "
-                    "Seccomp sandbox. Running renderers with Seccomp "
-                    "sandboxing disabled.";
+      LOG(FATAL) << "WARNING! This machine lacks support needed for the "
+                    "Seccomp sandbox. Please report your system specs on "
+                    "http://code.google.com/p/chromium/issues/detail?id=36133";
     } else {
       LOG(INFO) << "Enabling experimental Seccomp sandbox.";
     }
author	evan@chromium.org <evan@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2010-02-18 15:25:55 +0000
committer	evan@chromium.org <evan@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2010-02-18 15:25:55 +0000
commit	aeaf937b8a02b0a9b1c79e0e2f1d5f407313264c (patch)
tree	8c9978289be80a397c02e3f6a0bc8b69e2833cfa /chrome/browser/zygote_main_linux.cc
parent	ecbf10d164fd0a5e622a466044400e0feca4aa1d (diff)
download	chromium_src-aeaf937b8a02b0a9b1c79e0e2f1d5f407313264c.zip chromium_src-aeaf937b8a02b0a9b1c79e0e2f1d5f407313264c.tar.gz chromium_src-aeaf937b8a02b0a9b1c79e0e2f1d5f407313264c.tar.bz2