diff options
author | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-08-30 03:10:26 +0000 |
---|---|---|
committer | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-08-30 03:10:26 +0000 |
commit | d705c2ecc8141331f29cd21b1d2fa4822bd827a1 (patch) | |
tree | a0a258894c26d9ab8bc26926e5bdfd978e9d85e2 /content/common/sandbox_init_linux.cc | |
parent | 8ddfe318975cb55f0bd198495b6db81367742afc (diff) | |
download | chromium_src-d705c2ecc8141331f29cd21b1d2fa4822bd827a1.zip chromium_src-d705c2ecc8141331f29cd21b1d2fa4822bd827a1.tar.gz chromium_src-d705c2ecc8141331f29cd21b1d2fa4822bd827a1.tar.bz2 |
Linux: add a seccomp-bpf sandbox for renderers
Renderers are now sandboxed under seccomp-bpf.
We also make seccomp-bpf the default sandbox, even when seccomp-legacy
is enabled (which is the case in Debug builds).
BUG=145327
NOTRY=true
Review URL: https://chromiumcodereview.appspot.com/10885021
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@154054 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/common/sandbox_init_linux.cc')
-rw-r--r-- | content/common/sandbox_init_linux.cc | 15 |
1 files changed, 6 insertions, 9 deletions
diff --git a/content/common/sandbox_init_linux.cc b/content/common/sandbox_init_linux.cc index 56830a4..1c59e9e 100644 --- a/content/common/sandbox_init_linux.cc +++ b/content/common/sandbox_init_linux.cc @@ -33,15 +33,12 @@ bool InitializeSandbox() { return false; } - // First, try to enable seccomp-legacy. - seccomp_legacy_started = linux_sandbox->StartSeccompLegacy(process_type); - - // Then, try to enable seccomp-bpf. - // If seccomp-legacy is enabled, seccomp-bpf initialization will crash - // instead of failing gracefully. - // TODO(markus): fix this (crbug.com/139872). - if (!seccomp_legacy_started) { - seccomp_bpf_started = linux_sandbox->StartSeccompBpf(process_type); + // First, try to enable seccomp-bpf. + seccomp_bpf_started = linux_sandbox->StartSeccompBpf(process_type); + + // If that fails, try to enable seccomp-legacy. + if (!seccomp_bpf_started) { + seccomp_legacy_started = linux_sandbox->StartSeccompLegacy(process_type); } return seccomp_legacy_started || seccomp_bpf_started; |