summaryrefslogtreecommitdiffstats
path: root/content/common/sandbox_init_linux.cc
diff options
context:
space:
mode:
authorjln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-08-30 03:10:26 +0000
committerjln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-08-30 03:10:26 +0000
commitd705c2ecc8141331f29cd21b1d2fa4822bd827a1 (patch)
treea0a258894c26d9ab8bc26926e5bdfd978e9d85e2 /content/common/sandbox_init_linux.cc
parent8ddfe318975cb55f0bd198495b6db81367742afc (diff)
downloadchromium_src-d705c2ecc8141331f29cd21b1d2fa4822bd827a1.zip
chromium_src-d705c2ecc8141331f29cd21b1d2fa4822bd827a1.tar.gz
chromium_src-d705c2ecc8141331f29cd21b1d2fa4822bd827a1.tar.bz2
Linux: add a seccomp-bpf sandbox for renderers
Renderers are now sandboxed under seccomp-bpf. We also make seccomp-bpf the default sandbox, even when seccomp-legacy is enabled (which is the case in Debug builds). BUG=145327 NOTRY=true Review URL: https://chromiumcodereview.appspot.com/10885021 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@154054 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/common/sandbox_init_linux.cc')
-rw-r--r--content/common/sandbox_init_linux.cc15
1 files changed, 6 insertions, 9 deletions
diff --git a/content/common/sandbox_init_linux.cc b/content/common/sandbox_init_linux.cc
index 56830a4..1c59e9e 100644
--- a/content/common/sandbox_init_linux.cc
+++ b/content/common/sandbox_init_linux.cc
@@ -33,15 +33,12 @@ bool InitializeSandbox() {
return false;
}
- // First, try to enable seccomp-legacy.
- seccomp_legacy_started = linux_sandbox->StartSeccompLegacy(process_type);
-
- // Then, try to enable seccomp-bpf.
- // If seccomp-legacy is enabled, seccomp-bpf initialization will crash
- // instead of failing gracefully.
- // TODO(markus): fix this (crbug.com/139872).
- if (!seccomp_legacy_started) {
- seccomp_bpf_started = linux_sandbox->StartSeccompBpf(process_type);
+ // First, try to enable seccomp-bpf.
+ seccomp_bpf_started = linux_sandbox->StartSeccompBpf(process_type);
+
+ // If that fails, try to enable seccomp-legacy.
+ if (!seccomp_bpf_started) {
+ seccomp_legacy_started = linux_sandbox->StartSeccompLegacy(process_type);
}
return seccomp_legacy_started || seccomp_bpf_started;