Linux sandbox: change seccomp detection and initialization.

Change how we detect seccomp kernel support and its initialization.

Before, detecting seccomp kernel supports would involve starting probe processes
that would enable seccomp. A crash would mean that seccomp was not supported.

This was necessary with old kernel version and old glibc versions that were
problematic.
Now that these shouldn't exist in the field, we move the checks to unit
tests instead.

Following the refactor in https://chromiumcodereview.appspot.com/733303004/
we can greatly simplify both detection and starting of the sandbox to make the API
more sane.

BUG=434820
TBR=piman

Review URL: https://codereview.chromium.org/759473002

Cr-Commit-Position: refs/heads/master@{#305706}

1 files changed, 4 insertions, 4 deletions

diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc
index cfdb69f..d439a8a 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc
@@ -31,13 +31,13 @@ void SandboxBPFTestRunner::Run() {
   scoped_ptr<bpf_dsl::Policy> policy =
       bpf_tester_delegate_->GetSandboxBPFPolicy();
 
-  if (sandbox::SandboxBPF::SupportsSeccompSandbox() ==
-      sandbox::SandboxBPF::STATUS_AVAILABLE) {
+  if (sandbox::SandboxBPF::SupportsSeccompSandbox(
+          SandboxBPF::SeccompLevel::SINGLE_THREADED)) {
     // Initialize and then start the sandbox with our custom policy
     sandbox::SandboxBPF sandbox;
     sandbox.SetSandboxPolicy(policy.release());
-    SANDBOX_ASSERT(
-        sandbox.StartSandbox(sandbox::SandboxBPF::PROCESS_SINGLE_THREADED));
+    SANDBOX_ASSERT(sandbox.StartSandbox(
+        sandbox::SandboxBPF::SeccompLevel::SINGLE_THREADED));
 
     // Run the actual test.
     bpf_tester_delegate_->RunTestFunction();