public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chromium: Disable legacy seccomp sandbox in v23.

Browse Source 
This removes the patch introduced in 949afcc0f2d82cb00a7f0ca9c0dc4b45f8fe273f.
The reason behind this is because even though we patch in the legacy seccomp
sandbox by default, it won't be used anyway as both cannot coexist anymore.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This commit is contained in:
aszlig 2012-10-08 07:16:23 +02:00
parent 10679a7ba6
commit 17fe198695
No known key found for this signature in database
GPG Key ID: D0EBD0EC8C2DC961
2 changed files with 5 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
pkgs/applications/networking/browsers/chromium/default.nix
View File

@ -80,12 +80,11 @@ let
xdg_utils yasm zlib
];
seccompPatch = let
maybeSeccompPatch = let
pre22 = versionOlder sourceInfo.version "22.0.0.0";
pre23 = versionOlder sourceInfo.version "23.0.0.0";
in if pre22 then ./enable_seccomp.patch
else if pre23 then ./enable_seccomp22.patch
else ./enable_seccomp23.patch;
patch = if pre22 then ./enable_seccomp.patch else ./enable_seccomp22.patch;
in optional pre23 patch;
maybeBpfTemporaryFix = let
patch = fetchurl {
@ -126,9 +125,9 @@ in stdenv.mkDerivation rec {
prePatch = "patchShebangs .";
patches = optional (!cfg.selinux) seccompPatch
++ optional cfg.cups ./cups_allow_deprecated.patch
patches = optional cfg.cups ./cups_allow_deprecated.patch
++ optional cfg.pulseaudio ./pulseaudio_array_bounds.patch
++ maybeSeccompPatch
++ maybeBpfTemporaryFix;
postPatch = optionalString cfg.openssl ''

18
pkgs/applications/networking/browsers/chromium/enable_seccomp23.patch
View File

@ -1,18 +0,0 @@
diff --git a/content/common/sandbox_linux.cc b/content/common/sandbox_linux.cc
index ad73fe6..ee3e6e6 100644
--- a/content/common/sandbox_linux.cc
+++ b/content/common/sandbox_linux.cc
@@ -42,13 +42,8 @@ bool IsSeccompLegacyDesired() {
return false;
}
#if defined(SECCOMP_SANDBOX)
-#if defined(NDEBUG)
- // Off by default. Allow turning on with a switch.
- return command_line->HasSwitch(switches::kEnableSeccompSandbox);
-#else
// On by default. Allow turning off with a switch.
return !command_line->HasSwitch(switches::kDisableSeccompSandbox);
-#endif // NDEBUG
#endif // SECCOMP_SANDBOX
return false;
}