linux: turn seccomp on by default in debug

content/common/seccomp_sandbox.h

Index: content/common/seccomp_sandbox.h
diff --git a/content/common/seccomp_sandbox.h b/content/common/seccomp_sandbox.h
index 0eb376483be57331e956aa8ec0678162924f7161..c1c1f8f37a31a0d86e02a2338560907d2bc1f925 100644
--- a/content/common/seccomp_sandbox.h
+++ b/content/common/seccomp_sandbox.h
@@ -29,11 +29,16 @@ static bool SeccompSandboxEnabled() {
   // TODO(evan): turn on for release too once we've flushed out all the bugs,
   // allowing us to delete this file entirely and just rely on the "disabled"
   // switch.
+#ifdef NDEBUG
+  // Off by default; allow turning on with a switch.
   return CommandLine::ForCurrentProcess()->HasSwitch(
-          switches::kEnableSeccompSandbox) &&
-      !CommandLine::ForCurrentProcess()->HasSwitch(
-          switches::kDisableSeccompSandbox);
+      switches::kEnableSeccompSandbox);
+#else
+  // On by default; allow turning off with a switch.
+  return !CommandLine::ForCurrentProcess()->HasSwitch(
+      switches::kDisableSeccompSandbox);
+#endif  // NDEBUG
 }
-#endif
+#endif  // SECCOMP_SANDBOX
 
 #endif  // CONTENT_COMMON_SECCOMP_SANDBOX_H_