Disable Chrome OS seccomp filter GPU sandbox.

content/common/sandbox_init_linux.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/public/common/sandbox_init.h"
 
 #if defined(OS_LINUX) && defined(__x86_64__)
 
 #include <asm/unistd.h>
 #include <errno.h>
@@ skipping 315 matching lines @@
 namespace content {
 
 void InitializeSandbox() {
   const CommandLine& command_line = *CommandLine::ForCurrentProcess();
   if (command_line.HasSwitch(switches::kNoSandbox) ||
       command_line.HasSwitch(switches::kDisableSeccompFilterSandbox))
     return;
 
   std::string process_type =
       command_line.GetSwitchValueASCII(switches::kProcessType);
-  if (process_type == switches::kGpuProcess &&
-      command_line.HasSwitch(switches::kDisableGpuSandbox))
-    return;

[jln (very slow on Chromium), 2012/05/10 03:16:39]

What about making a EnableGpuSandbox switch and have it disabled as the default
?

If you don't want to do that now, wouldn't it be cleaner and easier for us to
patch this back-in for testing if you just commented out line 337 (with a
comment explaining that it's disabled for now) ?

I would leave the rest of the code as is.

[Jorge Lucangeli Obes, 2012/05/10 03:38:34]

Agreed, having the change in only one place makes more sense.

 
   if (!CanUseSeccompFilters())
     return;
 
   CheckSingleThreaded();
 
   std::vector<struct sock_filter> program;
   EmitPreamble(&program);
 
-  if (process_type == switches::kGpuProcess) {
-    ApplyGPUPolicy(&program);
-  } else if (process_type == switches::kPpapiPluginProcess) {
+  if (process_type == switches::kPpapiPluginProcess) {
     ApplyFlashPolicy(&program);
   } else {
     NOTREACHED();
   }
 
   EmitTrap(&program);
 
   InstallSIGSYSHandler();
   InstallFilter(program);
 }
 
 }  // namespace content
 
 #else
 
 namespace content {
 
 void InitializeSandbox() {
 }
 
 }  // namespace content
 
 #endif