diff options
| -rw-r--r-- | build/common.gypi | 3 | ||||
| -rw-r--r-- | chrome/browser/chromeos/login/login_utils.cc | 2 | ||||
| -rw-r--r-- | chrome/browser/renderer_host/browser_render_process_host.cc | 3 | ||||
| -rw-r--r-- | chrome/browser/zygote_host_linux.cc | 3 | ||||
| -rw-r--r-- | chrome/common/chrome_switches.cc | 12 | ||||
| -rw-r--r-- | chrome/common/chrome_switches.h | 4 | ||||
| -rw-r--r-- | chrome/renderer/renderer_main_unittest.cc | 6 | ||||
| -rw-r--r-- | chrome/test/nacl/nacl_test.cc | 2 |
8 files changed, 8 insertions, 27 deletions
diff --git a/build/common.gypi b/build/common.gypi index fb1a70d..e741a29 100644 --- a/build/common.gypi +++ b/build/common.gypi @@ -1123,9 +1123,6 @@ 'cflags': [ '-g' ], 'defines': ['USE_LINUX_BREAKPAD'], }], - ['linux_use_seccomp_sandbox==1 and buildtype!="Official"', { - 'defines': ['USE_SECCOMP_SANDBOX'], - }], ['library=="shared_library"', { # When building with shared libraries, remove the visiblity-hiding # flag. diff --git a/chrome/browser/chromeos/login/login_utils.cc b/chrome/browser/chromeos/login/login_utils.cc index fd5bed4..19cf68d 100644 --- a/chrome/browser/chromeos/login/login_utils.cc +++ b/chrome/browser/chromeos/login/login_utils.cc @@ -359,9 +359,7 @@ void LoginUtilsImpl::CompleteOffTheRecordLogin(const GURL& start_url) { switches::kLoginProfile, switches::kEnableTabbedOptions, switches::kCompressSystemFeedback, -#if defined(USE_SECCOMP_SANDBOX) switches::kDisableSeccompSandbox, -#endif #if defined(HAVE_XINPUT2) switches::kTouchDevices, #endif diff --git a/chrome/browser/renderer_host/browser_render_process_host.cc b/chrome/browser/renderer_host/browser_render_process_host.cc index 61849ec..d848cd8 100644 --- a/chrome/browser/renderer_host/browser_render_process_host.cc +++ b/chrome/browser/renderer_host/browser_render_process_host.cc @@ -566,11 +566,8 @@ void BrowserRenderProcessHost::PropagateBrowserCommandLineToRenderer( switches::kRendererStartupDialog, switches::kNoSandbox, switches::kTestSandbox, -#if defined(USE_SECCOMP_SANDBOX) switches::kDisableSeccompSandbox, -#else switches::kEnableSeccompSandbox, -#endif #if !defined (GOOGLE_CHROME_BUILD) // These are unsupported and not fully tested modes, so don't enable them // for official Google Chrome builds. diff --git a/chrome/browser/zygote_host_linux.cc b/chrome/browser/zygote_host_linux.cc index e4e7ce3..a908e86 100644 --- a/chrome/browser/zygote_host_linux.cc +++ b/chrome/browser/zygote_host_linux.cc @@ -104,11 +104,8 @@ void ZygoteHost::Init(const std::string& sandbox_cmd) { switches::kUserDataDir, // Make logs go to the right file. // Load (in-process) Pepper plugins in-process in the zygote pre-sandbox. switches::kRegisterPepperPlugins, -#if defined(USE_SECCOMP_SANDBOX) switches::kDisableSeccompSandbox, -#else switches::kEnableSeccompSandbox, -#endif }; cmd_line.CopySwitchesFrom(browser_command_line, kForwardSwitches, arraysize(kForwardSwitches)); diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc index 13c91fc..c8627be 100644 --- a/chrome/common/chrome_switches.cc +++ b/chrome/common/chrome_switches.cc @@ -1347,25 +1347,19 @@ const char kTouchDevices[] = "touch-devices"; #endif -// USE_SECCOMP_SANDBOX controls whether the seccomp sandbox is opt-in or -out. +// SeccompSandboxEnabled() controls whether we are using Seccomp. +// It is currently off by default on all platforms. // TODO(evan): unify all of these once we turn the seccomp sandbox always // on. Also remove the #include of command_line.h above. -#if defined(USE_SECCOMP_SANDBOX) + // Disable the seccomp sandbox (Linux only) const char kDisableSeccompSandbox[] = "disable-seccomp-sandbox"; -#else // Enable the seccomp sandbox (Linux only) const char kEnableSeccompSandbox[] = "enable-seccomp-sandbox"; -#endif bool SeccompSandboxEnabled() { -#if defined(USE_SECCOMP_SANDBOX) - return !CommandLine::ForCurrentProcess()->HasSwitch( - switches::kDisableSeccompSandbox); -#else return CommandLine::ForCurrentProcess()->HasSwitch( switches::kEnableSeccompSandbox); -#endif } // ----------------------------------------------------------------------------- diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h index 4728bd3..f68b3cf 100644 --- a/chrome/common/chrome_switches.h +++ b/chrome/common/chrome_switches.h @@ -401,11 +401,9 @@ extern const char kRendererCheckFalseTest[]; extern const char kTouchDevices[]; #endif -#if defined(USE_SECCOMP_SANDBOX) extern const char kDisableSeccompSandbox[]; -#else extern const char kEnableSeccompSandbox[]; -#endif + // Return true if the switches indicate the seccomp sandbox is enabled. bool SeccompSandboxEnabled(); diff --git a/chrome/renderer/renderer_main_unittest.cc b/chrome/renderer/renderer_main_unittest.cc index 310e56b..464419b 100644 --- a/chrome/renderer/renderer_main_unittest.cc +++ b/chrome/renderer/renderer_main_unittest.cc @@ -73,12 +73,12 @@ CommandLine RendererMainTest::MakeCmdLine(const std::string& procname, bool debug_on_start) { CommandLine command_line = MultiProcessTest::MakeCmdLine(procname, debug_on_start); -#if defined(USE_SECCOMP_SANDBOX) - // Turn off seccomp for this test. It's just a problem of refactoring, + + // Force seccomp off for this test. It's just a problem of refactoring, // not a bug. // http://code.google.com/p/chromium/issues/detail?id=59376 command_line.AppendSwitch(switches::kDisableSeccompSandbox); -#endif + return command_line; } diff --git a/chrome/test/nacl/nacl_test.cc b/chrome/test/nacl/nacl_test.cc index 03feb4d..8df1128 100644 --- a/chrome/test/nacl/nacl_test.cc +++ b/chrome/test/nacl/nacl_test.cc @@ -30,7 +30,7 @@ NaClTest::NaClTest() // Currently we disable some of the sandboxes. See: // Make NaCl work in Chromium's Linux seccomp sandbox and the Mac sandbox // http://code.google.com/p/nativeclient/issues/detail?id=344 -#if defined(OS_LINUX) && defined(USE_SECCOMP_SANDBOX) +#if defined(OS_LINUX) launch_arguments_.AppendSwitch(switches::kDisableSeccompSandbox); #endif launch_arguments_.AppendSwitchASCII(switches::kLoggingLevel, "0"); |