Index: content/browser/browser_main_loop.cc |
diff --git a/content/browser/browser_main_loop.cc b/content/browser/browser_main_loop.cc |
index 3c39e531a9aea3f03cfb018a0ee5430a5b2bf243..19ea411538f59911c6f3024f4fba955f4200ed8f 100644 |
--- a/content/browser/browser_main_loop.cc |
+++ b/content/browser/browser_main_loop.cc |
@@ -193,41 +193,13 @@ namespace content { |
namespace { |
#if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_ANDROID) |
-void SetupSandbox(const base::CommandLine& parsed_command_line) { |
- TRACE_EVENT0("startup", "SetupSandbox"); |
- base::FilePath sandbox_binary; |
- |
- scoped_ptr<sandbox::SetuidSandboxHost> setuid_sandbox_host( |
- sandbox::SetuidSandboxHost::Create()); |
- |
- const bool want_setuid_sandbox = |
- !parsed_command_line.HasSwitch(switches::kNoSandbox) && |
- !parsed_command_line.HasSwitch(switches::kDisableSetuidSandbox) && |
- !setuid_sandbox_host->IsDisabledViaEnvironment(); |
- |
- static const char no_suid_error[] = |
- "Running without the SUID sandbox! See " |
- "https://chromium.googlesource.com/chromium/src/+/master/docs/linux_suid_sandbox_development.md " |
- "for more information on developing with the sandbox on."; |
- if (want_setuid_sandbox) { |
- sandbox_binary = setuid_sandbox_host->GetSandboxBinaryPath(); |
- if (sandbox_binary.empty()) { |
- // This needs to be fatal. Talk to security@chromium.org if you feel |
- // otherwise. |
- LOG(FATAL) << no_suid_error; |
- } |
- } else { |
- LOG(ERROR) << no_suid_error; |
- } |
Dirk Pranke
2016/03/29 21:17:47
Do we need to keep this logic on ChromeOS (i.e., c
|
- |
- // Tickle the sandbox host and zygote host so they fork now. |
+void TickleSandbox() { |
RenderSandboxHostLinux::GetInstance()->Init(); |
- ZygoteHostImpl::GetInstance()->Init(sandbox_binary.value()); |
+ // ZygoteHostImpl::GetInstance()->Init(sandbox_binary.value()); |
mdempsky
2016/03/29 19:02:47
We still need to call Init here.
|
*GetGenericZygote() = CreateZygote(); |
RenderProcessHostImpl::EarlyZygoteLaunch(); |
} |
#endif |
- |
#if defined(USE_GLIB) |
static void GLibLogHandler(const gchar* log_domain, |
GLogLevelFlags log_level, |
@@ -440,11 +412,8 @@ void BrowserMainLoop::EarlyInitialization() { |
TRACK_SCOPED_REGION("Startup", "BrowserMainLoop::EarlyInitialization"); |
#if defined(OS_POSIX) && !defined(OS_MACOSX) && !defined(OS_ANDROID) |
- // No thread should be created before this call, as SetupSandbox() |
- // will end-up using fork(). |
- SetupSandbox(parsed_command_line_); |
+ TickleSandbox(); |
#endif |
- |
#if defined(USE_X11) |
if (UsingInProcessGpu()) { |
if (!gfx::InitializeThreadedX11()) { |