configure: Add a flag to disable seccomp.

This is needed for new arches where libseccomp support doesn't exist
yet.

Fixes #1878.
Shea Levy 2018-02-18 02:35:01 -05:00
parent 3a5a241b32
commit 690ac7c90b
No known key found for this signature in database
GPG key ID: 5C0BD6957D86FE27
4 changed files with 19 additions and 4 deletions


@ -7,6 +7,7 @@ ENABLE_S3 = @ENABLE_S3@
HAVE_SODIUM = @HAVE_SODIUM@ HAVE_SODIUM = @HAVE_SODIUM@
HAVE_READLINE = @HAVE_READLINE@ HAVE_READLINE = @HAVE_READLINE@
HAVE_BROTLI = @HAVE_BROTLI@ HAVE_BROTLI = @HAVE_BROTLI@
HAVE_SECCOMP = @HAVE_SECCOMP@
LIBCURL_LIBS = @LIBCURL_LIBS@ LIBCURL_LIBS = @LIBCURL_LIBS@
OPENSSL_LIBS = @OPENSSL_LIBS@ OPENSSL_LIBS = @OPENSSL_LIBS@
PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_NAME = @PACKAGE_NAME@


@ -186,9 +186,21 @@ AC_SUBST(HAVE_BROTLI, [$have_brotli])
# Look for libseccomp, required for Linux sandboxing. # Look for libseccomp, required for Linux sandboxing.
if test "$sys_name" = linux; then if test "$sys_name" = linux; then
AC_ARG_ENABLE([seccomp-sandboxing],
AC_HELP_STRING([--disable-seccomp-sandboxing],
[Don't build support for seccomp sandboxing (only recommended if your arch doesn't support libseccomp yet!)]
))
if test "x$enable_seccomp_sandboxing" != "xno"; then
PKG_CHECK_MODULES([LIBSECCOMP], [libseccomp], PKG_CHECK_MODULES([LIBSECCOMP], [libseccomp],
[CXXFLAGS="$LIBSECCOMP_CFLAGS $CXXFLAGS"]) [CXXFLAGS="$LIBSECCOMP_CFLAGS $CXXFLAGS"])
have_seccomp=1
else
have_seccomp=
fi
else
have_seccomp=
fi fi
AC_SUBST(HAVE_SECCOMP, [$have_seccomp])
# Look for aws-cpp-sdk-s3. # Look for aws-cpp-sdk-s3.
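Review bot: `HAVE_SECCOMP` is only exported through `AC_SUBST(HAVE_SECCOMP, [$have_seccomp])` at the end of this hunk, which reaches the makefiles but not the preprocessor, while the C++ change on this page tests `#if HAVE_SECCOMP`. Unless the macro is defined somewhere outside the four files shown, it evaluates to 0 and the syscall filter is compiled out of every build, not only those configured with `--disable-seccomp-sandboxing`. Adding `AC_DEFINE([HAVE_SECCOMP], [1], [Whether seccomp sandboxing is enabled.])` next to `have_seccomp=1` would keep the filter in the default configuration.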


@ -49,7 +49,9 @@
#include <sys/param.h> #include <sys/param.h>
#include <sys/mount.h> #include <sys/mount.h>
#include <sys/syscall.h> #include <sys/syscall.h>
#if HAVE_SECCOMP
#include <seccomp.h> #include <seccomp.h>
#endif
#define pivot_root(new_root, put_old) (syscall(SYS_pivot_root, new_root, put_old)) #define pivot_root(new_root, put_old) (syscall(SYS_pivot_root, new_root, put_old))
#endif #endif
@ -2469,7 +2471,7 @@ void DerivationGoal::chownToBuilder(const Path & path)
void setupSeccomp() void setupSeccomp()
{ {
#if __linux__ #if __linux__ && HAVE_SECCOMP
if (!settings.filterSyscalls) return; if (!settings.filterSyscalls) return;
scmp_filter_ctx ctx; scmp_filter_ctx ctx;
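Review bot: With `#if __linux__ && HAVE_SECCOMP` in `setupSeccomp()`, a build configured without seccomp turns the function into a silent no-op even when `settings.filterSyscalls` is true, so an operator who expects the filter to be active gets no sign that it is not. An `#else` branch that fails closed would make the reduced sandbox an explicit choice, for example `if (settings.filterSyscalls) throw Error("seccomp is not supported by this build; set 'filter-syscalls' to false to proceed without it");`. The function body continues past the end of the hunk, so the position of the matching `#endif` is not visible here.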


@ -25,7 +25,7 @@ ifeq ($(OS), SunOS)
libstore_LDFLAGS += -lsocket libstore_LDFLAGS += -lsocket
endif endif
ifeq ($(OS), Linux) ifeq ($(HAVE_SECCOMP), 1)
libstore_LDFLAGS += -lseccomp libstore_LDFLAGS += -lseccomp
endif endif