Linux: refactor setuid sandbox activation.

- Add a new --disable-setuid-sandbox flag to disable the setuid
  sandbox without disabling seccomp-bpf.
- Knowledge of whether or not the sandbox is desired is in
  browser_main_loop.cc, so move the error message.
- State intent to die with FATAL on unsupported configurations.

BUG=245376
NOTRY=true

Review URL: https://chromiumcodereview.appspot.com/16866004

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@206114 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 14 insertions, 1 deletions

diff --git a/content/browser/browser_main_loop.cc b/content/browser/browser_main_loop.cc
index b225da4..5a8c2fd 100644
--- a/content/browser/browser_main_loop.cc
+++ b/content/browser/browser_main_loop.cc
@@ -126,9 +126,22 @@ void SetupSandbox(const CommandLine& parsed_command_line) {
     sandbox_binary = LINUX_SANDBOX_PATH;
 #endif
 
+  const bool want_setuid_sandbox =
+      !parsed_command_line.HasSwitch(switches::kNoSandbox) &&
+      !parsed_command_line.HasSwitch(switches::kDisableSetuidSandbox);
+
+  if (want_setuid_sandbox && !sandbox_binary) {
+    // TODO(jln): make this fatal (crbug.com/245376).
+    LOG(ERROR) << "Running without the SUID sandbox! See "
+        "https://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment "
+        "for more information on developing with the sandbox on.\n"
+        "This check will be made FATAL. Do it!";
+  }
+
   std::string sandbox_cmd;
-  if (sandbox_binary && !parsed_command_line.HasSwitch(switches::kNoSandbox))
+  if (want_setuid_sandbox && sandbox_binary) {
     sandbox_cmd = sandbox_binary;
+  }
 
   // Tickle the sandbox host and zygote host so they fork now.
   RenderSandboxHostLinux::GetInstance()->Init(sandbox_cmd);