chromium: Disable legacy seccomp sandbox in v23.
This removes the patch introduced in 949afcc0f2d82cb00a7f0ca9c0dc4b45f8fe273f. The reason behind this is because even though we patch in the legacy seccomp sandbox by default, it won't be used anyway as both cannot coexist anymore. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This commit is contained in:
parent
10679a7ba6
commit
17fe198695
@ -80,12 +80,11 @@ let
|
||||
xdg_utils yasm zlib
|
||||
];
|
||||
|
||||
seccompPatch = let
|
||||
maybeSeccompPatch = let
|
||||
pre22 = versionOlder sourceInfo.version "22.0.0.0";
|
||||
pre23 = versionOlder sourceInfo.version "23.0.0.0";
|
||||
in if pre22 then ./enable_seccomp.patch
|
||||
else if pre23 then ./enable_seccomp22.patch
|
||||
else ./enable_seccomp23.patch;
|
||||
patch = if pre22 then ./enable_seccomp.patch else ./enable_seccomp22.patch;
|
||||
in optional pre23 patch;
|
||||
|
||||
maybeBpfTemporaryFix = let
|
||||
patch = fetchurl {
|
||||
@ -126,9 +125,9 @@ in stdenv.mkDerivation rec {
|
||||
|
||||
prePatch = "patchShebangs .";
|
||||
|
||||
patches = optional (!cfg.selinux) seccompPatch
|
||||
++ optional cfg.cups ./cups_allow_deprecated.patch
|
||||
patches = optional cfg.cups ./cups_allow_deprecated.patch
|
||||
++ optional cfg.pulseaudio ./pulseaudio_array_bounds.patch
|
||||
++ maybeSeccompPatch
|
||||
++ maybeBpfTemporaryFix;
|
||||
|
||||
postPatch = optionalString cfg.openssl ''
|
||||
|
@ -1,18 +0,0 @@
|
||||
diff --git a/content/common/sandbox_linux.cc b/content/common/sandbox_linux.cc
|
||||
index ad73fe6..ee3e6e6 100644
|
||||
--- a/content/common/sandbox_linux.cc
|
||||
+++ b/content/common/sandbox_linux.cc
|
||||
@@ -42,13 +42,8 @@ bool IsSeccompLegacyDesired() {
|
||||
return false;
|
||||
}
|
||||
#if defined(SECCOMP_SANDBOX)
|
||||
-#if defined(NDEBUG)
|
||||
- // Off by default. Allow turning on with a switch.
|
||||
- return command_line->HasSwitch(switches::kEnableSeccompSandbox);
|
||||
-#else
|
||||
// On by default. Allow turning off with a switch.
|
||||
return !command_line->HasSwitch(switches::kDisableSeccompSandbox);
|
||||
-#endif // NDEBUG
|
||||
#endif // SECCOMP_SANDBOX
|
||||
return false;
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user