linux: enable seccomp sandbox by default

chrome/browser/zygote_main_linux.cc

Index: chrome/browser/zygote_main_linux.cc
diff --git a/chrome/browser/zygote_main_linux.cc b/chrome/browser/zygote_main_linux.cc
index 7d877bd8abd3a73735eb5df8dd4103116be5f0eb..793c855e338c3c9e68c9a8246eae98b260adca35 100644
--- a/chrome/browser/zygote_main_linux.cc
+++ b/chrome/browser/zygote_main_linux.cc
@@ -509,8 +509,7 @@ static bool EnterSandbox() {
   // chrooted.
   const char* const sandbox_fd_string = getenv("SBX_D");
 
-  if (CommandLine::ForCurrentProcess()->HasSwitch(
-          switches::kEnableSeccompSandbox)) {
+  if (switches::SeccompSandboxEnabled()) {
     PreSandboxInit();
     SkiaFontConfigUseIPCImplementation(kMagicSandboxIPCDescriptor);
   } else if (sandbox_fd_string) {  // Use the SUID sandbox.
@@ -618,8 +617,7 @@ bool ZygoteMain(const MainFunctionParams& params) {
   // The seccomp sandbox needs access to files in /proc, which might be denied
   // after one of the other sandboxes have been started. So, obtain a suitable
   // file handle in advance.
-  if (CommandLine::ForCurrentProcess()->HasSwitch(
-          switches::kEnableSeccompSandbox)) {
+  if (switches::SeccompSandboxEnabled()) {
     g_proc_fd = open("/proc", O_DIRECTORY | O_RDONLY);
     if (g_proc_fd < 0) {
       LOG(ERROR) << "WARNING! Cannot access \"/proc\". Disabling seccomp "
@@ -639,9 +637,7 @@ bool ZygoteMain(const MainFunctionParams& params) {
   // The seccomp sandbox will be turned on when the renderers start. But we can
   // already check if sufficient support is available so that we only need to
   // print one error message for the entire browser session.
-  if (g_proc_fd >= 0 &&
-      CommandLine::ForCurrentProcess()->HasSwitch(
-          switches::kEnableSeccompSandbox)) {
+  if (g_proc_fd >= 0 && switches::SeccompSandboxEnabled()) {
     if (!SupportsSeccompSandbox(g_proc_fd)) {
       // There are a good number of users who cannot use the seccomp sandbox
       // (e.g. because their distribution does not enable seccomp mode by