configure: Add a flag to disable seccomp.
This is needed for new arches where libseccomp support doesn't exist yet. Fixes #1878.
parent
3a5a241b32
commit
690ac7c90b
|
@ -7,6 +7,7 @@ ENABLE_S3 = @ENABLE_S3@
|
|||
HAVE_SODIUM = @HAVE_SODIUM@
|
||||
HAVE_READLINE = @HAVE_READLINE@
|
||||
HAVE_BROTLI = @HAVE_BROTLI@
|
||||
HAVE_SECCOMP = @HAVE_SECCOMP@
|
||||
LIBCURL_LIBS = @LIBCURL_LIBS@
|
||||
OPENSSL_LIBS = @OPENSSL_LIBS@
|
||||
PACKAGE_NAME = @PACKAGE_NAME@
|
||||
|
|
16
configure.ac
16
configure.ac
|
@ -186,9 +186,21 @@ AC_SUBST(HAVE_BROTLI, [$have_brotli])
|
|||
|
||||
# Look for libseccomp, required for Linux sandboxing.
|
||||
if test "$sys_name" = linux; then
|
||||
PKG_CHECK_MODULES([LIBSECCOMP], [libseccomp],
|
||||
[CXXFLAGS="$LIBSECCOMP_CFLAGS $CXXFLAGS"])
|
||||
AC_ARG_ENABLE([seccomp-sandboxing],
|
||||
AC_HELP_STRING([--disable-seccomp-sandboxing],
|
||||
[Don't build support for seccomp sandboxing (only recommended if your arch doesn't support libseccomp yet!)]
|
||||
))
|
||||
if test "x$enable_seccomp_sandboxing" != "xno"; then
|
||||
PKG_CHECK_MODULES([LIBSECCOMP], [libseccomp],
|
||||
[CXXFLAGS="$LIBSECCOMP_CFLAGS $CXXFLAGS"])
|
||||
have_seccomp=1
|
||||
else
|
||||
have_seccomp=
|
||||
fi
|
||||
else
|
||||
have_seccomp=
|
||||
fi
|
||||
AC_SUBST(HAVE_SECCOMP, [$have_seccomp])
|
||||
|
||||
|
||||
# Look for aws-cpp-sdk-s3.
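Review bot: Nothing in this hunk makes `HAVE_SECCOMP` visible to the C++ preprocessor: `AC_SUBST(HAVE_SECCOMP, [$have_seccomp])` only substitutes the value into generated files such as the Makefile config, while the source change in this commit tests `#if HAVE_SECCOMP`. Unless the macro is defined somewhere not shown here (a config header or a `-D` flag), an undefined identifier evaluates to 0 in `#if`. The seccomp filter would then be compiled out on every Linux build, including those that never passed `--disable-seccomp-sandboxing`. Adding `AC_DEFINE([HAVE_SECCOMP], [1], [Whether seccomp is available and should be used for sandboxing.])` next to `have_seccomp=1` would close that gap. As a smaller point, `AC_HELP_STRING` is the obsolete spelling of `AS_HELP_STRING`.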
|
||||
|
|
|
@ -49,7 +49,9 @@
|
|||
#include <sys/param.h>
|
||||
#include <sys/mount.h>
|
||||
#include <sys/syscall.h>
|
||||
#if HAVE_SECCOMP
|
||||
#include <seccomp.h>
|
||||
#endif
|
||||
#define pivot_root(new_root, put_old) (syscall(SYS_pivot_root, new_root, put_old))
|
||||
#endif
|
||||
|
||||
|
@ -2469,7 +2471,7 @@ void DerivationGoal::chownToBuilder(const Path & path)
|
|||
|
||||
void setupSeccomp()
|
||||
{
|
||||
#if __linux__
|
||||
#if __linux__ && HAVE_SECCOMP
|
||||
if (!settings.filterSyscalls) return;
|
||||
|
||||
scmp_filter_ctx ctx;
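Review bot: With the guard changed to `#if __linux__ && HAVE_SECCOMP`, a Linux build configured without seccomp compiles out the whole guarded body of `setupSeccomp()`, including the `settings.filterSyscalls` check, so an operator who has syscall filtering enabled gets no indication that builds run unfiltered. The function body continues past this hunk, so an existing `#else` branch cannot be ruled out. If there is none, one is worth adding, e.g. `#else` followed by `if (settings.filterSyscalls) throw Error("seccomp is not available in this build; disable filter-syscalls to run without syscall filtering");`. Failing closed keeps the missing sandbox layer a deliberate choice rather than a silent downgrade.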
|
||||
|
|
|
@ -25,7 +25,7 @@ ifeq ($(OS), SunOS)
|
|||
libstore_LDFLAGS += -lsocket
|
||||
endif
|
||||
|
||||
ifeq ($(OS), Linux)
|
||||
ifeq ($(HAVE_SECCOMP), 1)
|
||||
libstore_LDFLAGS += -lseccomp
|
||||
endif
|
||||
|
||||
|
|