
The BPF renderer sandbox is now the default in 23. Still, it is not regarded as "adequately sandboxed" by Google, so we still need the legacy seccomp sandbox. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
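diff --git a/content/common/sandbox_linux.cc b/content/common/sandbox_linux.cc
index ad73fe6..ee3e6e6 100644
--- a/content/common/sandbox_linux.cc
+++ b/content/common/sandbox_linux.cc
@@ -42,13 +42,8 @@ bool IsSeccompLegacyDesired() {
 return false;
 }
 #if defined(SECCOMP_SANDBOX)
-#if defined(NDEBUG)
- // Off by default. Allow turning on with a switch.
- return command_line->HasSwitch(switches::kEnableSeccompSandbox);
-#else
 // On by default. Allow turning off with a switch.
 return !command_line->HasSwitch(switches::kDisableSeccompSandbox);
-#endif // NDEBUG
 #endif // SECCOMP_SANDBOX
 return false;
 }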
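Review bot: The surviving comment `// On by default. Allow turning off with a switch.` no longer says why release builds differ from the upstream default, so the reason for this sandbox-policy change lives only in the commit message. I would record it at the return, e.g. `// On by default in all builds (downstream change: the BPF renderer sandbox alone is not reported as "adequately sandboxed"). Allow turning off with a switch.`, so a later rebase re-evaluates it. With the `NDEBUG` branch removed, `switches::kEnableSeccompSandbox` is no longer read in this function, and any launcher or documentation that still passes it would presumably become a silent no-op; it is worth checking for remaining references. The function starts above the hunk, so the earlier `return false;` guard and how this result interacts with the BPF sandbox selection are not visible here.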