forked from lix-project/lix
Add build dependency for libseccomp
We're going to use libseccomp instead of creating the raw BPF program, because we have different syscall numbers on different architectures. Although our initial seccomp rules will be quite small it really doesn't make sense to generate the raw BPF program because we need to duplicate it and/or make branches on every single architecture we want to suuport. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This commit is contained in:
parent
e8838713df
commit
1c52e344c4
4 changed files with 16 additions and 1 deletions
|
@ -10,6 +10,7 @@ OPENSSL_LIBS = @OPENSSL_LIBS@
|
||||||
PACKAGE_NAME = @PACKAGE_NAME@
|
PACKAGE_NAME = @PACKAGE_NAME@
|
||||||
PACKAGE_VERSION = @PACKAGE_VERSION@
|
PACKAGE_VERSION = @PACKAGE_VERSION@
|
||||||
SODIUM_LIBS = @SODIUM_LIBS@
|
SODIUM_LIBS = @SODIUM_LIBS@
|
||||||
|
LIBSECCOMP_LIBS = @LIBSECCOMP_LIBS@
|
||||||
LIBLZMA_LIBS = @LIBLZMA_LIBS@
|
LIBLZMA_LIBS = @LIBLZMA_LIBS@
|
||||||
SQLITE3_LIBS = @SQLITE3_LIBS@
|
SQLITE3_LIBS = @SQLITE3_LIBS@
|
||||||
bash = @bash@
|
bash = @bash@
|
||||||
|
|
|
@ -194,6 +194,15 @@ AC_SUBST(HAVE_SODIUM, [$have_sodium])
|
||||||
PKG_CHECK_MODULES([LIBLZMA], [liblzma], [CXXFLAGS="$LIBLZMA_CFLAGS $CXXFLAGS"])
|
PKG_CHECK_MODULES([LIBLZMA], [liblzma], [CXXFLAGS="$LIBLZMA_CFLAGS $CXXFLAGS"])
|
||||||
|
|
||||||
|
|
||||||
|
# Look for libseccomp, required for Linux sandboxing.
|
||||||
|
if test "$sys_name" = linux; then
|
||||||
|
PKG_CHECK_MODULES([LIBSECCOMP], [libseccomp],
|
||||||
|
[CXXFLAGS="$LIBSECCOMP_CFLAGS $CXXFLAGS"])
|
||||||
|
# AC_CHECK_LIB([seccomp], [seccomp_init], [true],
|
||||||
|
# [AC_MSG_ERROR([Nix requires libseccomp for sandboxing. See https://github.com/seccomp/libseccomp.])])
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
# Look for aws-cpp-sdk-s3.
|
# Look for aws-cpp-sdk-s3.
|
||||||
AC_LANG_PUSH(C++)
|
AC_LANG_PUSH(C++)
|
||||||
AC_CHECK_HEADERS([aws/s3/S3Client.h],
|
AC_CHECK_HEADERS([aws/s3/S3Client.h],
|
||||||
|
|
|
@ -25,7 +25,7 @@ let
|
||||||
|
|
||||||
buildInputs =
|
buildInputs =
|
||||||
[ curl bison flex perl libxml2 libxslt bzip2 xz
|
[ curl bison flex perl libxml2 libxslt bzip2 xz
|
||||||
pkgconfig sqlite libsodium boehmgc
|
pkgconfig sqlite libsodium libseccomp boehmgc
|
||||||
docbook5 docbook5_xsl
|
docbook5 docbook5_xsl
|
||||||
autoconf-archive
|
autoconf-archive
|
||||||
] ++ lib.optional (!lib.inNixShell) git;
|
] ++ lib.optional (!lib.inNixShell) git;
|
||||||
|
@ -75,6 +75,7 @@ let
|
||||||
buildInputs =
|
buildInputs =
|
||||||
[ curl perl bzip2 xz openssl pkgconfig sqlite boehmgc ]
|
[ curl perl bzip2 xz openssl pkgconfig sqlite boehmgc ]
|
||||||
++ lib.optional stdenv.isLinux libsodium
|
++ lib.optional stdenv.isLinux libsodium
|
||||||
|
++ lib.optional stdenv.isLinux libseccomp
|
||||||
++ lib.optional stdenv.isLinux
|
++ lib.optional stdenv.isLinux
|
||||||
(aws-sdk-cpp.override {
|
(aws-sdk-cpp.override {
|
||||||
apis = ["s3"];
|
apis = ["s3"];
|
||||||
|
|
|
@ -18,6 +18,10 @@ ifeq ($(OS), SunOS)
|
||||||
libstore_LDFLAGS += -lsocket
|
libstore_LDFLAGS += -lsocket
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
ifeq ($(OS), Linux)
|
||||||
|
libstore_LDFLAGS += -lseccomp
|
||||||
|
endif
|
||||||
|
|
||||||
libstore_CXXFLAGS = \
|
libstore_CXXFLAGS = \
|
||||||
-DNIX_PREFIX=\"$(prefix)\" \
|
-DNIX_PREFIX=\"$(prefix)\" \
|
||||||
-DNIX_STORE_DIR=\"$(storedir)\" \
|
-DNIX_STORE_DIR=\"$(storedir)\" \
|
||||||
|
|
Loading…
Reference in a new issue