| Index: content/common/sandbox_init_linux.cc
|
| diff --git a/content/common/sandbox_init_linux.cc b/content/common/sandbox_init_linux.cc
|
| index 56830a4abb436d047c83fe54860e49245fee609c..1c59e9e6a8f50cd47ad90959d30bbca0303732c8 100644
|
| --- a/content/common/sandbox_init_linux.cc
|
| +++ b/content/common/sandbox_init_linux.cc
|
| @@ -33,15 +33,12 @@ bool InitializeSandbox() {
|
| return false;
|
| }
|
|
|
| - // First, try to enable seccomp-legacy.
|
| - seccomp_legacy_started = linux_sandbox->StartSeccompLegacy(process_type);
|
| -
|
| - // Then, try to enable seccomp-bpf.
|
| - // If seccomp-legacy is enabled, seccomp-bpf initialization will crash
|
| - // instead of failing gracefully.
|
| - // TODO(markus): fix this (crbug.com/139872).
|
| - if (!seccomp_legacy_started) {
|
| - seccomp_bpf_started = linux_sandbox->StartSeccompBpf(process_type);
|
| + // First, try to enable seccomp-bpf.
|
| + seccomp_bpf_started = linux_sandbox->StartSeccompBpf(process_type);
|
| +
|
| + // If that fails, try to enable seccomp-legacy.
|
| + if (!seccomp_bpf_started) {
|
| + seccomp_legacy_started = linux_sandbox->StartSeccompLegacy(process_type);
|
| }
|
|
|
| return seccomp_legacy_started || seccomp_bpf_started;
|
|
|
Chromium Code Reviews
Issue 10885021:
Linux: add a seccomp-bpf sandbox for renderers (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src