Make seccomp optional

Several architectures does not have seccomp yet.
tingping/wmclass
Alexander Larsson 2015-09-24 14:57:53 +02:00
parent ee0cf9a247
commit 1917e1fd38
2 changed files with 19 additions and 3 deletions

View File

@ -59,9 +59,6 @@ AC_SUBST(BASE_LIBS)
PKG_CHECK_MODULES(SOUP, [libsoup-2.4])
AC_SUBST(SOUP_CFLAGS)
AC_SUBST(SOUP_LIBS)
PKG_CHECK_MODULES(LIBSECCOMP, [libseccomp])
AC_SUBST(LIBSECCOMP_CFLAGS)
AC_SUBST(LIBSECCOMP_LIBS)
PKG_CHECK_MODULES(OSTREE, [libgsystem >= 2015.1 ostree-1 >= 2015.3])
AC_SUBST(OSTREE_CFLAGS)
AC_SUBST(OSTREE_LIBS)
@ -69,6 +66,21 @@ PKG_CHECK_MODULES(FUSE, [fuse])
AC_SUBST(FUSE_CFLAGS)
AC_SUBST(FUSE_LIBS)
AC_ARG_ENABLE([seccomp],
AC_HELP_STRING([--disable-seccomp],
[Disable seccomp]),
[],
[enable_seccomp=yes])
if test "x$enable_seccomp" = "xyes"; then
PKG_CHECK_MODULES(LIBSECCOMP, [libseccomp])
AC_SUBST(LIBSECCOMP_CFLAGS)
AC_SUBST(LIBSECCOMP_LIBS)
AC_DEFINE([ENABLE_SECCOMP], [1],
[Define if using seccomp])
fi
AC_ARG_ENABLE([userns],
AC_HELP_STRING([--disable-userns],
[Disable User namespaces (requires setuid/setcaps)]),

View File

@ -49,7 +49,9 @@
#include <sys/utsname.h>
#include <unistd.h>
#ifdef ENABLE_SECCOMP
#include <seccomp.h>
#endif
#if 0
#define __debug__(x) printf x
@ -293,6 +295,7 @@ static inline int raw_clone(unsigned long flags, void *child_stack) {
static void
setup_seccomp (bool devel)
{
#ifdef ENABLE_SECCOMP
scmp_filter_ctx seccomp;
/**** BEGIN NOTE ON CODE SHARING
*
@ -454,6 +457,7 @@ setup_seccomp (bool devel)
die_with_error ("Failed to install seccomp audit filter: ");
seccomp_release (seccomp);
#endif
}
static void