forked from Mirrors/flatpak-builder
Make seccomp optional
Several architectures does not have seccomp yet.tingping/wmclass
parent
ee0cf9a247
commit
1917e1fd38
18
configure.ac
18
configure.ac
|
@ -59,9 +59,6 @@ AC_SUBST(BASE_LIBS)
|
|||
PKG_CHECK_MODULES(SOUP, [libsoup-2.4])
|
||||
AC_SUBST(SOUP_CFLAGS)
|
||||
AC_SUBST(SOUP_LIBS)
|
||||
PKG_CHECK_MODULES(LIBSECCOMP, [libseccomp])
|
||||
AC_SUBST(LIBSECCOMP_CFLAGS)
|
||||
AC_SUBST(LIBSECCOMP_LIBS)
|
||||
PKG_CHECK_MODULES(OSTREE, [libgsystem >= 2015.1 ostree-1 >= 2015.3])
|
||||
AC_SUBST(OSTREE_CFLAGS)
|
||||
AC_SUBST(OSTREE_LIBS)
|
||||
|
@ -69,6 +66,21 @@ PKG_CHECK_MODULES(FUSE, [fuse])
|
|||
AC_SUBST(FUSE_CFLAGS)
|
||||
AC_SUBST(FUSE_LIBS)
|
||||
|
||||
AC_ARG_ENABLE([seccomp],
|
||||
AC_HELP_STRING([--disable-seccomp],
|
||||
[Disable seccomp]),
|
||||
[],
|
||||
[enable_seccomp=yes])
|
||||
|
||||
if test "x$enable_seccomp" = "xyes"; then
|
||||
PKG_CHECK_MODULES(LIBSECCOMP, [libseccomp])
|
||||
AC_SUBST(LIBSECCOMP_CFLAGS)
|
||||
AC_SUBST(LIBSECCOMP_LIBS)
|
||||
AC_DEFINE([ENABLE_SECCOMP], [1],
|
||||
[Define if using seccomp])
|
||||
fi
|
||||
|
||||
|
||||
AC_ARG_ENABLE([userns],
|
||||
AC_HELP_STRING([--disable-userns],
|
||||
[Disable User namespaces (requires setuid/setcaps)]),
|
||||
|
|
|
@ -49,7 +49,9 @@
|
|||
#include <sys/utsname.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#ifdef ENABLE_SECCOMP
|
||||
#include <seccomp.h>
|
||||
#endif
|
||||
|
||||
#if 0
|
||||
#define __debug__(x) printf x
|
||||
|
@ -293,6 +295,7 @@ static inline int raw_clone(unsigned long flags, void *child_stack) {
|
|||
static void
|
||||
setup_seccomp (bool devel)
|
||||
{
|
||||
#ifdef ENABLE_SECCOMP
|
||||
scmp_filter_ctx seccomp;
|
||||
/**** BEGIN NOTE ON CODE SHARING
|
||||
*
|
||||
|
@ -454,6 +457,7 @@ setup_seccomp (bool devel)
|
|||
die_with_error ("Failed to install seccomp audit filter: ");
|
||||
|
||||
seccomp_release (seccomp);
|
||||
#endif
|
||||
}
|
||||
|
||||
static void
|
||||
|
|
Loading…
Reference in New Issue