| Index: content/common/sandbox_init_linux.cc
|
| diff --git a/content/common/sandbox_init_linux.cc b/content/common/sandbox_init_linux.cc
|
| index 1dd1554ff064ceaba55fdb10b49f07530b82a0e1..5d2a18ed27a52252e3b23f159dc32c599834da5d 100644
|
| --- a/content/common/sandbox_init_linux.cc
|
| +++ b/content/common/sandbox_init_linux.cc
|
| @@ -388,6 +388,27 @@ static void InstallFilter(const std::vector<struct sock_filter>& program) {
|
| PLOG_IF(FATAL, ret != 0) << "Failed to install filter.";
|
| }
|
|
|
| +static bool ShouldEnableGPUSandbox() {
|
| + // Default setting is: enabled for Linux, disabled for Chrome OS.
|
| + // '--disable-gpu-sandbox' takes precedence over '--enable-gpu-sandbox'.
|
| +#if defined(OS_CHROMEOS)
|
| + bool res = false;
|
| +#else
|
| + bool res = true;
|
| +#endif
|
| +
|
| + const CommandLine& command_line = *CommandLine::ForCurrentProcess();
|
| +
|
| + if (command_line.HasSwitch(switches::kEnableGpuSandbox)) {
|
| + res = true;
|
| + }
|
| + if (command_line.HasSwitch(switches::kDisableGpuSandbox)) {
|
| + res = false;
|
| + }
|
| +
|
| + return res;
|
| +}
|
| +
|
| } // anonymous namespace
|
|
|
| namespace content {
|
| @@ -401,7 +422,7 @@ void InitializeSandbox() {
|
| std::string process_type =
|
| command_line.GetSwitchValueASCII(switches::kProcessType);
|
| if (process_type == switches::kGpuProcess &&
|
| - command_line.HasSwitch(switches::kDisableGpuSandbox))
|
| + !ShouldEnableGPUSandbox())
|
| return;
|
|
|
| if (!CanUseSeccompFilters())
|
| @@ -442,4 +463,3 @@ void InitializeSandbox() {
|
| } // namespace content
|
|
|
| #endif
|
| -
|
|
|
Chromium Code Reviews
Issue 10534049:
Disable the seccomp filter GPU process sandbox by default on Chrome OS. (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master