linux: enable seccomp sandbox by default

It seems the best way to keep the seccomp sandbox working is to have everyone's development environment have it on by default. So we turn on the seccomp sandbox, but only for non-official builds. If the build-time flag is set: --disable-seccomp-sandbox turns it off. If the build-time flag is *not* set: --enable-seccomp-sandbox turns it on. BUG=36133 Review URL: http://codereview.chromium.org/1558003 git-svn-id: http://src.chromium.org/svn/trunk/src/build@43122 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
2010-03-30 19:47:41 +00:00 · 2010-03-30 19:47:41 +00:00 · f7f2d4ced6
--- a/common.gypi
+++ b/common.gypi
@ -208,6 +208,10 @@
    # Disable TCMalloc's heapchecker.
    'linux_use_heapchecker%': 0,

+    # Turn on seccomp sandbox by default.
+    # (Note: this is disabled for official builds.)
+    'linux_use_seccomp_sandbox%': 1,
+
    # Set to select the Title Case versions of strings in GRD files.
    'use_titlecase_in_grd_files%': 0,

@ -957,6 +961,9 @@
            'cflags': [ '-gstabs' ],
            'defines': ['USE_LINUX_BREAKPAD'],
          }],
+          ['linux_use_seccomp_sandbox==1 and buildtype!="Official"', {
+            'defines': ['USE_SECCOMP_SANDBOX'],
+          }],
          ['library=="shared_library"', {
            # When building with shared libraries, remove the visiblity-hiding
            # flag.