Eisfunke's Lix Fork
aszlig b90a435332
libstore/build: Forge chown() to return success
What we basically want is a seccomp mode 2 BPF program like this but for
every architecture:

  BPF_STMT(BPF_LD+BPF_W+BPF_ABS, offsetof(struct seccomp_data, nr)),
  BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_chown, 4, 0),
  BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_fchown, 3, 0),
  BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_fchownat, 2, 0),
  BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_lchown, 1, 0),
  BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW),
  BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ERRNO)

However, on 32-bit architectures we do have chown32, lchown32 and
fchown32, so we'd need to add all the architecture blurb which
libseccomp handles for us.

So we only need to make sure that we add the 32-bit seccomp arch while
we're on x86_64 and otherwise we just stay at the native architecture
which was set during seccomp_init(), which more or less replicates
setting 32-bit personality during runChild().

The FORCE_SUCCESS() macro here could be a bit less ugly but I think
repeating the seccomp_rule_add() all over the place is way uglier.

Another way would have been to create a vector of syscalls to iterate
over, but that would make error messages uglier because we can either
only print the (libseccomp-internal) syscall number or use
seccomp_syscall_resolve_num_arch() to get the name or even make the
vector a pair number/name, essentially duplicating everything again.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-16 16:48:30 +01:00
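
The commit message above notes that a hand-written filter has to account for per-architecture calls such as chown32. As an added example (not code from the commit or from Nix), the C program below extends the seven-instruction filter to cover both x86_64 and i386 and checks its verdicts with a small interpreter. Assumptions of this example: the syscall numbers are hard-coded from the kernel's x86_64 and i386 tables, `run_filter` is a hypothetical helper, and killing on any other ABI is a choice made here.

```c
#include <stddef.h>
#include <stdio.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#define LD(field) BPF_STMT(BPF_LD + BPF_W + BPF_ABS, offsetof(struct seccomp_data, field))
#define JEQ(k, jt, jf) BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, (k), (jt), (jf))
#define RET(v) BPF_STMT(BPF_RET + BPF_K, (v))
/* Numbers come from the kernel's x86_64 and i386 syscall tables (they differ per ABI). */
static const struct sock_filter chown_filter[] = {
    /*  0 */ LD(arch),
    /*  1 */ JEQ(AUDIT_ARCH_X86_64, 0, 5),  /* not x86_64: go to 7 */
    /*  2 */ LD(nr),
    /*  3 */ JEQ(92, 13, 0),                /* x86_64 chown */
    /*  4 */ JEQ(93, 12, 0),                /* x86_64 fchown */
    /*  5 */ JEQ(94, 11, 0),                /* x86_64 lchown */
    /*  6 */ JEQ(260, 10, 9),               /* x86_64 fchownat, else allow */
    /*  7 */ JEQ(AUDIT_ARCH_I386, 0, 10),   /* neither ABI: go to 18 */
    /*  8 */ LD(nr),
    /*  9 */ JEQ(16, 7, 0),                 /* i386 lchown */
    /* 10 */ JEQ(95, 6, 0),                 /* i386 fchown */
    /* 11 */ JEQ(182, 5, 0),                /* i386 chown */
    /* 12 */ JEQ(198, 4, 0),                /* i386 lchown32 */
    /* 13 */ JEQ(207, 3, 0),                /* i386 fchown32 */
    /* 14 */ JEQ(212, 2, 0),                /* i386 chown32 */
    /* 15 */ JEQ(298, 1, 0),                /* i386 fchownat, else allow */
    /* 16 */ RET(SECCOMP_RET_ALLOW),
    /* 17 */ RET(SECCOMP_RET_ERRNO | 0),    /* errno 0: the caller sees success */
    /* 18 */ RET(SECCOMP_RET_KILL),
};

/* Interprets the three cBPF opcodes used above so verdicts can be checked offline. */
static unsigned run_filter(unsigned arch, int nr) {
    unsigned a = 0;
    for (size_t pc = 0; pc < sizeof chown_filter / sizeof *chown_filter; pc++) {
        const struct sock_filter *f = &chown_filter[pc];
        if (f->code == BPF_RET + BPF_K) return f->k;
        if (f->code == BPF_LD + BPF_W + BPF_ABS)
            a = f->k == offsetof(struct seccomp_data, nr) ? (unsigned)nr : arch;
        else pc += (a == f->k) ? f->jt : f->jf; /* BPF_JMP + BPF_JEQ + BPF_K */
    }
    return SECCOMP_RET_KILL;
}

int main(void) {
    printf("x86_64 chown   -> %#x\n", run_filter(AUDIT_ARCH_X86_64, 92));
    printf("i386   chown32 -> %#x\n", run_filter(AUDIT_ARCH_I386, 212));
    return 0;
}
```

x32 callers report AUDIT_ARCH_X86_64 with `__X32_SYSCALL_BIT` set in `nr`, so they match none of the x86_64 entries here and reach the allow verdict.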
config Add config.guess, config.sub and install-sh 2013-11-25 11:26:02 +00:00
corepkgs <nix/fetchurl.nix>: Support nix-prefetch-url 2016-09-22 15:48:14 +02:00
doc/manual installation: allow profile modification to be skipped (#1072) 2016-11-03 18:02:29 +01:00
maintainers upload-release.pl: Update Nixpkgs 2016-09-07 15:34:54 +02:00
misc SSL_CERT_FILE -> NIX_SSL_CERT_FILE 2016-10-13 17:09:10 +02:00
mk Don't pass "--no-copy-dt-needed-entries" option to linker on FreeBSD. 2015-10-06 22:28:30 +02:00
perl makeFixedOutputPath(): Drop superfluous HashType argument 2016-07-26 21:25:52 +02:00
scripts installation: allow profile modification to be skipped (#1072) 2016-11-03 18:02:29 +01:00
src libstore/build: Forge chown() to return success 2016-11-16 16:48:30 +01:00
tests Fix comments parsing 2016-11-13 17:20:34 +01:00
.dir-locals.el Add .dir-locals.el for Emacs 2016-01-28 11:12:04 +01:00
.gitignore .gitignore: catch up with perl -> c conversion 2016-10-17 00:15:18 +02:00
bootstrap.sh bootstrap: Simplify & make more robust. 2011-09-06 12:11:05 +00:00
configure.ac Add build dependency for libseccomp 2016-11-16 16:48:26 +01:00
COPYING * Change this to LGPL to keep the government happy. 2006-04-25 16:41:06 +00:00
dev-shell Add 32bit linux clause to dev-shell 2016-03-22 11:38:56 +00:00
local.mk Don't depend on git when generating source tarball 2015-10-15 11:53:45 -07:00
Makefile Merge branch 'nix-build-c++' 2016-08-31 12:10:21 -04:00
Makefile.config.in Add build dependency for libseccomp 2016-11-16 16:48:26 +01:00
nix.spec.in Revert "nix.spec.in: Build from the .tar.xz file." 2016-08-30 13:38:18 +02:00
README.md Capitalize Nix 2016-07-21 11:08:13 +02:00
release.nix Add build dependency for libseccomp 2016-11-16 16:48:26 +01:00
version Bump 2016-01-20 16:34:37 +01:00

Nix, the purely functional package manager

Nix is a new take on package management that is fairly unique. Because of its purity aspects, a lot of issues found in traditional package managers don't appear with Nix.

To find out more about the tool, usage and installation instructions, please read the manual, which is available on the Nix website at http://nixos.org/nix/manual.

Contributing

Take a look at the Hacking Section of the manual. It helps you to get started with building Nix from source.

License

Nix is released under the LGPL v2.1

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.OpenSSL.org/).