1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-25 03:17:13 +00:00
nixpkgs/pkgs/applications/networking/browsers/chromium/enable_seccomp.patch
aszlig ef45195126 chromium: Enable seccomp by default.
If useSELinux is not set, enable seccomp mode by default and avoid building the
SUID helper sandbox at all. This involves a small patch which causes the
commandline arguments to be swapped: --disable-seccomp-sandbox to disable it,
while the option is active by default.
2012-06-22 15:53:28 -04:00

21 lines
794 B
Diff

diff --git a/content/common/seccomp_sandbox.h b/content/common/seccomp_sandbox.h
index a07d6f3..a622a35 100644
--- a/content/common/seccomp_sandbox.h
+++ b/content/common/seccomp_sandbox.h
@@ -29,15 +29,9 @@ static bool SeccompSandboxEnabled() {
// TODO(evan): turn on for release too once we've flushed out all the bugs,
// allowing us to delete this file entirely and just rely on the "disabled"
// switch.
-#ifdef NDEBUG
- // Off by default; allow turning on with a switch.
- return CommandLine::ForCurrentProcess()->HasSwitch(
- switches::kEnableSeccompSandbox);
-#else
// On by default; allow turning off with a switch.
return !CommandLine::ForCurrentProcess()->HasSwitch(
switches::kDisableSeccompSandbox);
-#endif // NDEBUG
}
#endif // SECCOMP_SANDBOX