Bumped the version of the seccomp sandbox. In particular, we want this...

Bumped the version of the seccomp sandbox. In particular, we want this
change:

This bug was causing problems with running unittests on the buildbots.

In particular, the code that patched the signature of the restorer function was
corrupting the FPU state.

And we couldn't debug this problem easily, because the missing NX support then
broke signal handling.

Evan helped with finding a reproducible test scenario in a Hardy VM, and after
applying this change the unittest (e.g. Chrome's browser_tests) succeeds.

Description:
On older 32bit kernels (e.g. Ubuntu Hardy), the seccomp sandbox fails to handle
signals correctly. This is primarily a result of the kernel not supporting
non-executable data segments. But it also runs into problems because the
format of the signal frame is subtly different and does not appear to always
include a "magic restorer function".

This changelist removes all dependencies on NX support from the 32bit version
of the code. And it eliminates the code that patches the restorer function.

Both of these features were originally added to make it easier for gdb to
debug code that runs inside of a signal handler. But given the observed problems
with this approach, it does not seem worth the effort.

64bit code seems unaffected by all of these problems -- presumably because
that architecture is a lot more recent. So, we'll not make any changes to it.

BUG=http://code.google.com/p/seccompsandbox/issues/detail?id=5
TEST=make test

Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=65608

[Markus (顧孟勤), 2010-11-09 20:58:07]

I built in my Hardy VM, and things seem to work fine with this changelist. So,
hopefully this will get us a little closer with appeasing the buildbots :-)

[evanm, 2010-11-09 21:30:35]

LGTM

[evanm, 2010-11-09 21:30:35]

LGTM

[Evan Martin, 2010-11-10 18:08:52]

I landed this, seemed fine.