From 1917e1fd387e1cf85f3056e8c7c75fa9451384e8 Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Thu, 24 Sep 2015 14:57:53 +0200 Subject: [PATCH] Make seccomp optional Several architectures does not have seccomp yet. --- configure.ac | 18 +++++++++++++++--- lib/xdg-app-helper.c | 4 ++++ 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index c47ee344..ca31b787 100644 --- a/configure.ac +++ b/configure.ac @@ -59,9 +59,6 @@ AC_SUBST(BASE_LIBS) PKG_CHECK_MODULES(SOUP, [libsoup-2.4]) AC_SUBST(SOUP_CFLAGS) AC_SUBST(SOUP_LIBS) -PKG_CHECK_MODULES(LIBSECCOMP, [libseccomp]) -AC_SUBST(LIBSECCOMP_CFLAGS) -AC_SUBST(LIBSECCOMP_LIBS) PKG_CHECK_MODULES(OSTREE, [libgsystem >= 2015.1 ostree-1 >= 2015.3]) AC_SUBST(OSTREE_CFLAGS) AC_SUBST(OSTREE_LIBS) @@ -69,6 +66,21 @@ PKG_CHECK_MODULES(FUSE, [fuse]) AC_SUBST(FUSE_CFLAGS) AC_SUBST(FUSE_LIBS) +AC_ARG_ENABLE([seccomp], + AC_HELP_STRING([--disable-seccomp], + [Disable seccomp]), + [], + [enable_seccomp=yes]) + +if test "x$enable_seccomp" = "xyes"; then + PKG_CHECK_MODULES(LIBSECCOMP, [libseccomp]) + AC_SUBST(LIBSECCOMP_CFLAGS) + AC_SUBST(LIBSECCOMP_LIBS) + AC_DEFINE([ENABLE_SECCOMP], [1], + [Define if using seccomp]) +fi + + AC_ARG_ENABLE([userns], AC_HELP_STRING([--disable-userns], [Disable User namespaces (requires setuid/setcaps)]), diff --git a/lib/xdg-app-helper.c b/lib/xdg-app-helper.c index 45be754a..18ef2482 100644 --- a/lib/xdg-app-helper.c +++ b/lib/xdg-app-helper.c @@ -49,7 +49,9 @@ #include #include +#ifdef ENABLE_SECCOMP #include +#endif #if 0 #define __debug__(x) printf x @@ -293,6 +295,7 @@ static inline int raw_clone(unsigned long flags, void *child_stack) { static void setup_seccomp (bool devel) { +#ifdef ENABLE_SECCOMP scmp_filter_ctx seccomp; /**** BEGIN NOTE ON CODE SHARING * @@ -454,6 +457,7 @@ setup_seccomp (bool devel) die_with_error ("Failed to install seccomp audit filter: "); seccomp_release (seccomp); +#endif } static void