diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix index 1a1030606cfa..b3a149c8105e 100644 --- a/pkgs/applications/networking/browsers/chromium/default.nix +++ b/pkgs/applications/networking/browsers/chromium/default.nix @@ -80,12 +80,11 @@ let xdg_utils yasm zlib ]; - seccompPatch = let + maybeSeccompPatch = let pre22 = versionOlder sourceInfo.version "22.0.0.0"; pre23 = versionOlder sourceInfo.version "23.0.0.0"; - in if pre22 then ./enable_seccomp.patch - else if pre23 then ./enable_seccomp22.patch - else ./enable_seccomp23.patch; + patch = if pre22 then ./enable_seccomp.patch else ./enable_seccomp22.patch; + in optional pre23 patch; maybeBpfTemporaryFix = let patch = fetchurl { @@ -126,9 +125,9 @@ in stdenv.mkDerivation rec { prePatch = "patchShebangs ."; - patches = optional (!cfg.selinux) seccompPatch - ++ optional cfg.cups ./cups_allow_deprecated.patch + patches = optional cfg.cups ./cups_allow_deprecated.patch ++ optional cfg.pulseaudio ./pulseaudio_array_bounds.patch + ++ maybeSeccompPatch ++ maybeBpfTemporaryFix; postPatch = optionalString cfg.openssl '' diff --git a/pkgs/applications/networking/browsers/chromium/enable_seccomp23.patch b/pkgs/applications/networking/browsers/chromium/enable_seccomp23.patch deleted file mode 100644 index bde476adbfd5..000000000000 --- a/pkgs/applications/networking/browsers/chromium/enable_seccomp23.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff --git a/content/common/sandbox_linux.cc b/content/common/sandbox_linux.cc -index ad73fe6..ee3e6e6 100644 ---- a/content/common/sandbox_linux.cc -+++ b/content/common/sandbox_linux.cc -@@ -42,13 +42,8 @@ bool IsSeccompLegacyDesired() { - return false; - } - #if defined(SECCOMP_SANDBOX) --#if defined(NDEBUG) -- // Off by default. Allow turning on with a switch. -- return command_line->HasSwitch(switches::kEnableSeccompSandbox); --#else - // On by default. Allow turning off with a switch. - return !command_line->HasSwitch(switches::kDisableSeccompSandbox); --#endif // NDEBUG - #endif // SECCOMP_SANDBOX - return false; - }