Allow using the namespace sandbox in zygote host.

content/browser/zygote_host/zygote_host_impl_linux.h

Index: content/browser/zygote_host/zygote_host_impl_linux.h
diff --git a/content/browser/zygote_host/zygote_host_impl_linux.h b/content/browser/zygote_host/zygote_host_impl_linux.h
index e18e098088bfa04f0e5e59aac515c84c3646a43e..9c67e71756f67fad6028c852d2587ba0b1bb4e71 100644
--- a/content/browser/zygote_host/zygote_host_impl_linux.h
+++ b/content/browser/zygote_host/zygote_host_impl_linux.h
@@ -82,6 +82,12 @@ class CONTENT_EXPORT ZygoteHostImpl : public ZygoteHost {
 
   ssize_t ReadReply(void* buf, size_t buflen);
 
+  // Whether we should use the namespace sandbox instead of the setuid sandbox.
+  // Currently, the namespace sandbox is enabled when sandboxing is not
+  // disabled, the enable-namespace-sandbox switch is set, user namespaces are
+  // supported, and seccomp BPF is supported.
+  bool ShouldUseNamespaceSandbox();
+
   int control_fd_;  // the socket to the zygote
   // A lock protecting all communication with the zygote. This lock must be
   // acquired before sending a command and released after the result has been