Index: chrome/browser/ui/webui/about_ui.cc |
diff --git a/chrome/browser/ui/webui/about_ui.cc b/chrome/browser/ui/webui/about_ui.cc |
index b93254cbad218cb6e6645e279cfa36c995a0d2e2..d15f7eb4c6b9c56e88606bca6f5f0cb499b4cf26 100644 |
--- a/chrome/browser/ui/webui/about_ui.cc |
+++ b/chrome/browser/ui/webui/about_ui.cc |
@@ -843,10 +843,8 @@ std::string AboutLinuxProxyConfig() { |
return data; |
} |
-void AboutSandboxRow(std::string* data, const std::string& prefix, int name_id, |
- bool good) { |
+void AboutSandboxRow(std::string* data, int name_id, bool good) { |
data->append("<tr><td>"); |
- data->append(prefix); |
data->append(l10n_util::GetStringUTF8(name_id)); |
if (good) { |
data->append("</td><td style='color: green;'>"); |
@@ -873,31 +871,26 @@ std::string AboutSandbox() { |
data.append("<table>"); |
- AboutSandboxRow(&data, |
- std::string(), |
- IDS_ABOUT_SANDBOX_SUID_SANDBOX, |
+ AboutSandboxRow(&data, IDS_ABOUT_SANDBOX_SUID_SANDBOX, |
status & content::kSandboxLinuxSUID); |
- AboutSandboxRow(&data, " ", IDS_ABOUT_SANDBOX_PID_NAMESPACES, |
+ AboutSandboxRow(&data, IDS_ABOUT_SANDBOX_NAMESPACE_SANDBOX, |
+ status & content::kSandboxLinuxUserNS); |
+ AboutSandboxRow(&data, IDS_ABOUT_SANDBOX_PID_NAMESPACES, |
status & content::kSandboxLinuxPIDNS); |
- AboutSandboxRow(&data, " ", IDS_ABOUT_SANDBOX_NET_NAMESPACES, |
+ AboutSandboxRow(&data, IDS_ABOUT_SANDBOX_NET_NAMESPACES, |
status & content::kSandboxLinuxNetNS); |
- AboutSandboxRow(&data, |
- std::string(), |
- IDS_ABOUT_SANDBOX_SECCOMP_BPF_SANDBOX, |
+ AboutSandboxRow(&data, IDS_ABOUT_SANDBOX_SECCOMP_BPF_SANDBOX, |
status & content::kSandboxLinuxSeccompBPF); |
- AboutSandboxRow(&data, |
- std::string(), |
- IDS_ABOUT_SANDBOX_SECCOMP_BPF_SANDBOX_TSYNC, |
+ AboutSandboxRow(&data, IDS_ABOUT_SANDBOX_SECCOMP_BPF_SANDBOX_TSYNC, |
status & content::kSandboxLinuxSeccompTSYNC); |
- AboutSandboxRow(&data, |
- std::string(), |
- IDS_ABOUT_SANDBOX_YAMA_LSM, |
+ AboutSandboxRow(&data, IDS_ABOUT_SANDBOX_YAMA_LSM, |
status & content::kSandboxLinuxYama); |
data.append("</table>"); |
// The setuid sandbox is required as our first-layer sandbox. |
jln (very slow on Chromium)
2015/02/04 23:16:23
Nit: update comment.
rickyz (no longer on Chrome)
2015/02/04 23:30:21
Done.
|
- bool good_layer1 = status & content::kSandboxLinuxSUID && |
+ bool good_layer1 = (status & content::kSandboxLinuxSUID || |
+ status & content::kSandboxLinuxUserNS) && |
status & content::kSandboxLinuxPIDNS && |
status & content::kSandboxLinuxNetNS; |
// A second-layer sandbox is also required to be adequately sandboxed. |