chromium: Disable legacy seccomp sandbox in v23.

This removes the patch introduced in 949afcc0f2. The reason behind this is because even though we patch in the legacy seccomp sandbox by default, it won't be used anyway as both cannot coexist anymore. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2012-10-08 07:16:23 +02:00 · 2012-10-08 07:16:23 +02:00 · 17fe198695
commit 17fe198695
parent 10679a7ba6
2 changed files with 5 additions and 24 deletions
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@ -80,12 +80,11 @@ let
    xdg_utils yasm zlib
  ];

-  seccompPatch = let
+  maybeSeccompPatch = let
    pre22 = versionOlder sourceInfo.version "22.0.0.0";
    pre23 = versionOlder sourceInfo.version "23.0.0.0";
-  in if pre22 then ./enable_seccomp.patch
-     else if pre23 then ./enable_seccomp22.patch
-     else ./enable_seccomp23.patch;
+    patch = if pre22 then ./enable_seccomp.patch else ./enable_seccomp22.patch;
+  in optional pre23 patch;

  maybeBpfTemporaryFix = let
    patch = fetchurl {
@ -126,9 +125,9 @@ in stdenv.mkDerivation rec {

  prePatch = "patchShebangs .";

-  patches = optional (!cfg.selinux) seccompPatch
-         ++ optional cfg.cups ./cups_allow_deprecated.patch
+  patches = optional cfg.cups ./cups_allow_deprecated.patch
         ++ optional cfg.pulseaudio ./pulseaudio_array_bounds.patch
+         ++ maybeSeccompPatch
         ++ maybeBpfTemporaryFix;

  postPatch = optionalString cfg.openssl ''
--- a/pkgs/applications/networking/browsers/chromium/enable_seccomp23.patch
+++ b/pkgs/applications/networking/browsers/chromium/enable_seccomp23.patch
@ -1,18 +0,0 @@
-diff --git a/content/common/sandbox_linux.cc b/content/common/sandbox_linux.cc
-index ad73fe6..ee3e6e6 100644
--- a/content/common/sandbox_linux.cc
-+++ b/content/common/sandbox_linux.cc
-@@ -42,13 +42,8 @@ bool IsSeccompLegacyDesired() {
-     return false;
-   }
- #if defined(SECCOMP_SANDBOX)
-#if defined(NDEBUG)
-  // Off by default. Allow turning on with a switch.
-  return command_line->HasSwitch(switches::kEnableSeccompSandbox);
-#else
-   // On by default. Allow turning off with a switch.
-   return !command_line->HasSwitch(switches::kDisableSeccompSandbox);
-#endif  // NDEBUG
- #endif  // SECCOMP_SANDBOX
-   return false;
- }