From 17fe198695572fb944bf3b3f6f1faaced63c508d Mon Sep 17 00:00:00 2001 From: aszlig Date: Mon, 8 Oct 2012 07:16:23 +0200 Subject: [PATCH] chromium: Disable legacy seccomp sandbox in v23. This removes the patch introduced in 949afcc0f2d82cb00a7f0ca9c0dc4b45f8fe273f. The reason behind this is because even though we patch in the legacy seccomp sandbox by default, it won't be used anyway as both cannot coexist anymore. Signed-off-by: aszlig --- .../networking/browsers/chromium/default.nix | 11 +++++------ .../browsers/chromium/enable_seccomp23.patch | 18 ------------------ 2 files changed, 5 insertions(+), 24 deletions(-) delete mode 100644 pkgs/applications/networking/browsers/chromium/enable_seccomp23.patch diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix index 1a1030606cfa..b3a149c8105e 100644 --- a/pkgs/applications/networking/browsers/chromium/default.nix +++ b/pkgs/applications/networking/browsers/chromium/default.nix @@ -80,12 +80,11 @@ let xdg_utils yasm zlib ]; - seccompPatch = let + maybeSeccompPatch = let pre22 = versionOlder sourceInfo.version "22.0.0.0"; pre23 = versionOlder sourceInfo.version "23.0.0.0"; - in if pre22 then ./enable_seccomp.patch - else if pre23 then ./enable_seccomp22.patch - else ./enable_seccomp23.patch; + patch = if pre22 then ./enable_seccomp.patch else ./enable_seccomp22.patch; + in optional pre23 patch; maybeBpfTemporaryFix = let patch = fetchurl { @@ -126,9 +125,9 @@ in stdenv.mkDerivation rec { prePatch = "patchShebangs ."; - patches = optional (!cfg.selinux) seccompPatch - ++ optional cfg.cups ./cups_allow_deprecated.patch + patches = optional cfg.cups ./cups_allow_deprecated.patch ++ optional cfg.pulseaudio ./pulseaudio_array_bounds.patch + ++ maybeSeccompPatch ++ maybeBpfTemporaryFix; postPatch = optionalString cfg.openssl '' diff --git a/pkgs/applications/networking/browsers/chromium/enable_seccomp23.patch b/pkgs/applications/networking/browsers/chromium/enable_seccomp23.patch deleted file mode 100644 index bde476adbfd5..000000000000 --- a/pkgs/applications/networking/browsers/chromium/enable_seccomp23.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff --git a/content/common/sandbox_linux.cc b/content/common/sandbox_linux.cc -index ad73fe6..ee3e6e6 100644 ---- a/content/common/sandbox_linux.cc -+++ b/content/common/sandbox_linux.cc -@@ -42,13 +42,8 @@ bool IsSeccompLegacyDesired() { - return false; - } - #if defined(SECCOMP_SANDBOX) --#if defined(NDEBUG) -- // Off by default. Allow turning on with a switch. -- return command_line->HasSwitch(switches::kEnableSeccompSandbox); --#else - // On by default. Allow turning off with a switch. - return !command_line->HasSwitch(switches::kDisableSeccompSandbox); --#endif // NDEBUG - #endif // SECCOMP_SANDBOX - return false; - }