Chromium Code Reviews

Unified Diff: content/common/sandbox_linux.cc

Issue 13814027: Linux: make current InitializeSandbox() private. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Remove sandbox_init_linux.cc Created 7 years, 8 months ago
Index: content/common/sandbox_linux.cc
diff --git a/content/common/sandbox_linux.cc b/content/common/sandbox_linux.cc
index 20eedfaeebe5c4883cf774089f97778bf4d5f910..06021ae2792f7779f511c7671c9de4f6c4f87e76 100644
--- a/content/common/sandbox_linux.cc
+++ b/content/common/sandbox_linux.cc
@@ -176,6 +176,39 @@ void LinuxSandbox::PreinitializeSandbox(const std::string& process_type) {
PreinitializeSandboxFinish(process_type);
}
+bool LinuxSandbox::InitializeSandbox() {
+ bool seccomp_legacy_started = false;
+ bool seccomp_bpf_started = false;
+ LinuxSandbox* linux_sandbox = LinuxSandbox::GetInstance();
+ const std::string process_type =
+ CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
+ switches::kProcessType);
+
+ // No matter what, it's always an error to call InitializeSandbox() after
+ // threads have been created.
+ if (!linux_sandbox->IsSingleThreaded()) {
+ std::string error_message = "InitializeSandbox() called with multiple "
+ "threads in process " + process_type;
+ // TODO(jln): change this into a CHECK() once we are more comfortable it
+ // does not trigger.
+ LOG(ERROR) << error_message;
+ return false;
+ }
+
+ // Attempt to limit the future size of the address space of the process.
+ linux_sandbox->LimitAddressSpace(process_type);
+
+ // First, try to enable seccomp-bpf.
+ seccomp_bpf_started = linux_sandbox->StartSeccompBpf(process_type);
+
+ // If that fails, try to enable seccomp-legacy.
+ if (!seccomp_bpf_started) {
+ seccomp_legacy_started = linux_sandbox->StartSeccompLegacy(process_type);
+ }
+
+ return seccomp_legacy_started || seccomp_bpf_started;
+}
+
int LinuxSandbox::GetStatus() const {
CHECK(pre_initialized_);
int sandbox_flags = 0;
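Review bot: In the `!linux_sandbox->IsSingleThreaded()` branch, `return false` is the same value the function returns at the end when neither `StartSeccompBpf()` nor `StartSeccompLegacy()` succeeds, so a caller cannot tell a misuse error (threads already created) apart from a kernel without seccomp support. In both cases the process carries on unsandboxed with at most a `LOG(ERROR)`. Consider landing the `CHECK()` from the TODO, or returning a distinct status so the caller can refuse to continue. The result of `linux_sandbox->LimitAddressSpace(process_type)` is also discarded; if it reports success or failure, log the failure case so a missing address-space limit is visible. Minor: `seccomp_legacy_started` and `seccomp_bpf_started` can be declared where they are first assigned instead of at the top of the function.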