Index: chrome/browser/ui/webui/about_ui.cc |
diff --git a/chrome/browser/ui/webui/about_ui.cc b/chrome/browser/ui/webui/about_ui.cc |
index b568e64124c5ef054bee02353c9cdc872a79bbea..b93254cbad218cb6e6645e279cfa36c995a0d2e2 100644 |
--- a/chrome/browser/ui/webui/about_ui.cc |
+++ b/chrome/browser/ui/webui/about_ui.cc |
@@ -843,8 +843,10 @@ std::string AboutLinuxProxyConfig() { |
return data; |
} |
-void AboutSandboxRow(std::string* data, int name_id, bool good) { |
+void AboutSandboxRow(std::string* data, const std::string& prefix, int name_id, |
+ bool good) { |
data->append("<tr><td>"); |
+ data->append(prefix); |
data->append(l10n_util::GetStringUTF8(name_id)); |
if (good) { |
data->append("</td><td style='color: green;'>"); |
@@ -871,26 +873,31 @@ std::string AboutSandbox() { |
data.append("<table>"); |
- AboutSandboxRow(&data, IDS_ABOUT_SANDBOX_SUID_SANDBOX, |
+ AboutSandboxRow(&data, |
+ std::string(), |
+ IDS_ABOUT_SANDBOX_SUID_SANDBOX, |
status & content::kSandboxLinuxSUID); |
- AboutSandboxRow(&data, IDS_ABOUT_SANDBOX_NAMESPACE_SANDBOX, |
- status & content::kSandboxLinuxUserNS); |
- AboutSandboxRow(&data, IDS_ABOUT_SANDBOX_PID_NAMESPACES, |
+ AboutSandboxRow(&data, " ", IDS_ABOUT_SANDBOX_PID_NAMESPACES, |
status & content::kSandboxLinuxPIDNS); |
- AboutSandboxRow(&data, IDS_ABOUT_SANDBOX_NET_NAMESPACES, |
+ AboutSandboxRow(&data, " ", IDS_ABOUT_SANDBOX_NET_NAMESPACES, |
status & content::kSandboxLinuxNetNS); |
- AboutSandboxRow(&data, IDS_ABOUT_SANDBOX_SECCOMP_BPF_SANDBOX, |
+ AboutSandboxRow(&data, |
+ std::string(), |
+ IDS_ABOUT_SANDBOX_SECCOMP_BPF_SANDBOX, |
status & content::kSandboxLinuxSeccompBPF); |
- AboutSandboxRow(&data, IDS_ABOUT_SANDBOX_SECCOMP_BPF_SANDBOX_TSYNC, |
+ AboutSandboxRow(&data, |
+ std::string(), |
+ IDS_ABOUT_SANDBOX_SECCOMP_BPF_SANDBOX_TSYNC, |
status & content::kSandboxLinuxSeccompTSYNC); |
- AboutSandboxRow(&data, IDS_ABOUT_SANDBOX_YAMA_LSM, |
+ AboutSandboxRow(&data, |
+ std::string(), |
+ IDS_ABOUT_SANDBOX_YAMA_LSM, |
status & content::kSandboxLinuxYama); |
data.append("</table>"); |
- // Require either the setuid or namespace sandbox for our first-layer sandbox. |
- bool good_layer1 = (status & content::kSandboxLinuxSUID || |
- status & content::kSandboxLinuxUserNS) && |
+ // The setuid sandbox is required as our first-layer sandbox. |
+ bool good_layer1 = status & content::kSandboxLinuxSUID && |
status & content::kSandboxLinuxPIDNS && |
status & content::kSandboxLinuxNetNS; |
// A second-layer sandbox is also required to be adequately sandboxed. |