Disable the seccomp filter GPU process sandbox by default on Chrome OS.

content/common/sandbox_init_linux.cc

Index: content/common/sandbox_init_linux.cc
diff --git a/content/common/sandbox_init_linux.cc b/content/common/sandbox_init_linux.cc
index 1dd1554ff064ceaba55fdb10b49f07530b82a0e1..919a45bbfce870027e5f9d800fa7717c43ba2fdb 100644
--- a/content/common/sandbox_init_linux.cc
+++ b/content/common/sandbox_init_linux.cc
@@ -388,6 +388,17 @@ static void InstallFilter(const std::vector<struct sock_filter>& program) {
   PLOG_IF(FATAL, ret != 0) << "Failed to install filter.";
 }
 
+static bool ShouldEnableGPUSandbox() {
+  bool res = false;
+  const CommandLine& command_line = *CommandLine::ForCurrentProcess();
+
+  res = !command_line.HasSwitch(switches::kDisableGpuSandbox);
+#if defined(OS_CHROMEOS)

[Chris Evans, 2012/06/11 20:52:23]

Can you get rid of this ifdef? If we have to pull the sandbox from e.g. binary
Nvidia driver on desktop Linux, I want this flag to work by default.

In terms of conflict, "disable" should win.

[Jorge Lucangeli Obes, 2012/06/11 22:56:46]

Done.

+  res = command_line.HasSwitch(switches::kEnableGpuSandbox);
+#endif
+  return res;
+}
+
 }  // anonymous namespace
 
 namespace content {
@@ -401,7 +412,7 @@ void InitializeSandbox() {
   std::string process_type =
       command_line.GetSwitchValueASCII(switches::kProcessType);
   if (process_type == switches::kGpuProcess &&
-      command_line.HasSwitch(switches::kDisableGpuSandbox))
+      !ShouldEnableGPUSandbox())
     return;
 
   if (!CanUseSeccompFilters())
@@ -442,4 +453,3 @@ void InitializeSandbox() {
 }  // namespace content
 
 #endif
-