chrome/common/chrome_switches.cc - Issue 1558003: linux: enable seccomp sandbox by default

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: chrome/common/chrome_switches.cc

Issue 1558003: linux: enable seccomp sandbox by default (Closed)

Patch Set: better Created 10 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: chrome/common/chrome_switches.cc

diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc

index acd11af06f1714389096e23e64ef57a6a7e10cc4..a9a9b4260cdd557af0bb3c8c883f40983d9a5f55 100644

--- a/chrome/common/chrome_switches.cc

+++ b/chrome/common/chrome_switches.cc

@@ -5,6 +5,7 @@

#include "chrome/common/chrome_switches.h"

#include "base/base_switches.h"

+#include "base/command_line.h"

namespace switches {

@@ -287,9 +288,6 @@ const char kEnablePrivacyBlacklists[] = "enable-privacy-blacklists";

// http://b/issue?id=1432077 is fixed.

const char kEnableRendererAccessibility[] = "enable-renderer-accessibility";

-// Enable the seccomp sandbox (Linux only)

-const char kEnableSeccompSandbox[] = "enable-seccomp-sandbox";

// Enables StatsTable, logging statistics to a global named shared memory table.

const char kEnableStatsTable[] = "enable-stats-table";

@@ -883,6 +881,27 @@ const char kInvalidateSyncLogin[] = "invalidate-sync-login";

const char kInvalidateSyncXmppLogin[] = "invalidate-sync-xmpp-login";

#endif

+// USE_SECCOMP_SANDBOX controls whether the seccomp sandbox is opt-in or -out.

+// TODO(evan): unify all of these once we turn the seccomp sandbox always

+// on. Also remove the #include of command_line.h above.

+#if defined(USE_SECCOMP_SANDBOX)

+// Disable the seccomp sandbox (Linux only)

+const char kDisableSeccompSandbox[] = "disable-seccomp-sandbox";

+#else

+// Enable the seccomp sandbox (Linux only)

+const char kEnableSeccompSandbox[] = "enable-seccomp-sandbox";

+#endif

+bool SeccompSandboxEnabled() {

+#if defined(USE_SECCOMP_SANDBOX)

+ return !CommandLine::ForCurrentProcess()->HasSwitch(

+ switches::kDisableSeccompSandbox);

+#else

+ return CommandLine::ForCurrentProcess()->HasSwitch(

+ switches::kEnableSeccompSandbox);

+#endif

// -----------------------------------------------------------------------------

// DO NOT ADD YOUR CRAP TO THE BOTTOM OF THIS FILE.

« no previous file with comments | « chrome/common/chrome_switches.h ('k') | chrome/renderer/renderer_main_platform_delegate_linux.cc » ('j') | no next file with comments »