forked from Mirrors/flatpak-builder
Make seccomp optional
Several architectures does not have seccomp yet.tingping/wmclass
parent
ee0cf9a247
commit
1917e1fd38
18
configure.ac
18
configure.ac
|
@ -59,9 +59,6 @@ AC_SUBST(BASE_LIBS)
|
||||||
PKG_CHECK_MODULES(SOUP, [libsoup-2.4])
|
PKG_CHECK_MODULES(SOUP, [libsoup-2.4])
|
||||||
AC_SUBST(SOUP_CFLAGS)
|
AC_SUBST(SOUP_CFLAGS)
|
||||||
AC_SUBST(SOUP_LIBS)
|
AC_SUBST(SOUP_LIBS)
|
||||||
PKG_CHECK_MODULES(LIBSECCOMP, [libseccomp])
|
|
||||||
AC_SUBST(LIBSECCOMP_CFLAGS)
|
|
||||||
AC_SUBST(LIBSECCOMP_LIBS)
|
|
||||||
PKG_CHECK_MODULES(OSTREE, [libgsystem >= 2015.1 ostree-1 >= 2015.3])
|
PKG_CHECK_MODULES(OSTREE, [libgsystem >= 2015.1 ostree-1 >= 2015.3])
|
||||||
AC_SUBST(OSTREE_CFLAGS)
|
AC_SUBST(OSTREE_CFLAGS)
|
||||||
AC_SUBST(OSTREE_LIBS)
|
AC_SUBST(OSTREE_LIBS)
|
||||||
|
@ -69,6 +66,21 @@ PKG_CHECK_MODULES(FUSE, [fuse])
|
||||||
AC_SUBST(FUSE_CFLAGS)
|
AC_SUBST(FUSE_CFLAGS)
|
||||||
AC_SUBST(FUSE_LIBS)
|
AC_SUBST(FUSE_LIBS)
|
||||||
|
|
||||||
|
AC_ARG_ENABLE([seccomp],
|
||||||
|
AC_HELP_STRING([--disable-seccomp],
|
||||||
|
[Disable seccomp]),
|
||||||
|
[],
|
||||||
|
[enable_seccomp=yes])
|
||||||
|
|
||||||
|
if test "x$enable_seccomp" = "xyes"; then
|
||||||
|
PKG_CHECK_MODULES(LIBSECCOMP, [libseccomp])
|
||||||
|
AC_SUBST(LIBSECCOMP_CFLAGS)
|
||||||
|
AC_SUBST(LIBSECCOMP_LIBS)
|
||||||
|
AC_DEFINE([ENABLE_SECCOMP], [1],
|
||||||
|
[Define if using seccomp])
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
AC_ARG_ENABLE([userns],
|
AC_ARG_ENABLE([userns],
|
||||||
AC_HELP_STRING([--disable-userns],
|
AC_HELP_STRING([--disable-userns],
|
||||||
[Disable User namespaces (requires setuid/setcaps)]),
|
[Disable User namespaces (requires setuid/setcaps)]),
|
||||||
|
|
|
@ -49,7 +49,9 @@
|
||||||
#include <sys/utsname.h>
|
#include <sys/utsname.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
|
||||||
|
#ifdef ENABLE_SECCOMP
|
||||||
#include <seccomp.h>
|
#include <seccomp.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
#if 0
|
#if 0
|
||||||
#define __debug__(x) printf x
|
#define __debug__(x) printf x
|
||||||
|
@ -293,6 +295,7 @@ static inline int raw_clone(unsigned long flags, void *child_stack) {
|
||||||
static void
|
static void
|
||||||
setup_seccomp (bool devel)
|
setup_seccomp (bool devel)
|
||||||
{
|
{
|
||||||
|
#ifdef ENABLE_SECCOMP
|
||||||
scmp_filter_ctx seccomp;
|
scmp_filter_ctx seccomp;
|
||||||
/**** BEGIN NOTE ON CODE SHARING
|
/**** BEGIN NOTE ON CODE SHARING
|
||||||
*
|
*
|
||||||
|
@ -454,6 +457,7 @@ setup_seccomp (bool devel)
|
||||||
die_with_error ("Failed to install seccomp audit filter: ");
|
die_with_error ("Failed to install seccomp audit filter: ");
|
||||||
|
|
||||||
seccomp_release (seccomp);
|
seccomp_release (seccomp);
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
|
|
Loading…
Reference in New Issue