Re: [meta-virtualization][hardknott][PATCH] lxc-recipe: Fix compilation without seccomp when libseccomp is installed

Sun, 18 Apr 2021 17:15:40 -0700 

Changes need to go to master first, than back ot hardknott (now that
I've branched).

So I've applied it to master for testing and will cherry pick to
hardknott.

I've also edited the patches to have an Upstream-Status field
that points to your provided pull request, since we need it in the
patches themselves, not just the commit message.

Bruce

In message: [meta-virtualization][hardknott][PATCH] lxc-recipe: Fix compilation 
without seccomp when libseccomp is installed
on 17/04/2021 [email protected] wrote:

> From: RameshkrishnanX Geddy Sekar <[email protected]>
> 
> Original URL:  https://github.com/lxc/lxc/pull/3623
> 
> Signed-off-by: RameshkrishnanX Geddy Sekar 
> <[email protected]>
> ---
>  ...fix-check-for-seccomp-notify-support.patch | 42 +++++++++++++++
>  ...p-libseccomp-tests-if-it-is-disabled.patch | 51 +++++++++++++++++++
>  recipes-containers/lxc/lxc_4.0.6.bb           |  2 +
>  3 files changed, 95 insertions(+)
>  create mode 100644 
> recipes-containers/lxc/files/commands-fix-check-for-seccomp-notify-support.patch
>  create mode 100644 
> recipes-containers/lxc/files/configure-skip-libseccomp-tests-if-it-is-disabled.patch
> 
> diff --git 
> a/recipes-containers/lxc/files/commands-fix-check-for-seccomp-notify-support.patch
>  
> b/recipes-containers/lxc/files/commands-fix-check-for-seccomp-notify-support.patch
> new file mode 100644
> index 0000000..ed6cf7f
> --- /dev/null
> +++ 
> b/recipes-containers/lxc/files/commands-fix-check-for-seccomp-notify-support.patch
> @@ -0,0 +1,42 @@
> +From a342b11fedb3010630de4909ca707ebdc0862060 Mon Sep 17 00:00:00 2001
> +From: Eneas U de Queiroz <[email protected]>
> +Date: Fri, 25 Dec 2020 13:54:14 -0300
> +Subject: [PATCH] commands: fix check for seccomp notify support
> +
> +Use HAVE_SECCOMP_NOTIFY instead of HAVE_DECL_SECCOMP_NOTIFY_FD.
> +Currently the latter will be true if the declaration is found by
> +configure, even if 'configure --disable-seccomp' is used.
> +
> +HAVE_SECCOMP_NOTIFY is defined in lxcseccomp.h if both HAVE_SECCOMP and
> +HAVE_DECL_SECCOMP_NOTIFY_FD are true, which is the correct behavior.
> +
> +Signed-off-by: Eneas U de Queiroz <[email protected]>
> +---
> + src/lxc/commands.c | 4 ++--
> + 1 file changed, 2 insertions(+), 2 deletions(-)
> +
> +diff --git a/src/lxc/commands.c b/src/lxc/commands.c
> +index a9a03ca2c..37d1abcef 100644
> +--- a/src/lxc/commands.c
> ++++ b/src/lxc/commands.c
> +@@ -501,7 +501,7 @@ static int lxc_cmd_get_devpts_fd_callback(int fd, struct 
> lxc_cmd_req *req,
> + 
> + int lxc_cmd_get_seccomp_notify_fd(const char *name, const char *lxcpath)
> + {
> +-#if HAVE_DECL_SECCOMP_NOTIFY_FD
> ++#ifdef HAVE_SECCOMP_NOTIFY
> +     int ret, stopped;
> +     struct lxc_cmd_rr cmd = {
> +             .req = {
> +@@ -526,7 +526,7 @@ static int lxc_cmd_get_seccomp_notify_fd_callback(int 
> fd, struct lxc_cmd_req *re
> +                                               struct lxc_handler *handler,
> +                                               struct lxc_epoll_descr *descr)
> + {
> +-#if HAVE_DECL_SECCOMP_NOTIFY_FD
> ++#ifdef HAVE_SECCOMP_NOTIFY
> +     struct lxc_cmd_rsp rsp = {
> +             .ret = 0,
> +     };
> +-- 
> +2.17.1
> +
> diff --git 
> a/recipes-containers/lxc/files/configure-skip-libseccomp-tests-if-it-is-disabled.patch
>  
> b/recipes-containers/lxc/files/configure-skip-libseccomp-tests-if-it-is-disabled.patch
> new file mode 100644
> index 0000000..7ba992f
> --- /dev/null
> +++ 
> b/recipes-containers/lxc/files/configure-skip-libseccomp-tests-if-it-is-disabled.patch
> @@ -0,0 +1,51 @@
> +From 67cd8bde2d46983df8fa9f647e9fc0b96370ec29 Mon Sep 17 00:00:00 2001
> +From: Eneas U de Queiroz <[email protected]>
> +Date: Sat, 16 Jan 2021 13:54:07 -0300
> +Subject: [PATCH] configure: skip libseccomp tests if it is disabled
> +
> +Move the block checking for libseccomp api compatibility inside
> +AM_COND_IF([ENABLE_SECCOMP] ... ).
> +
> +Signed-off-by: Eneas U de Queiroz <[email protected]>
> +---
> + configure.ac | 17 ++++++++---------
> + 1 file changed, 8 insertions(+), 9 deletions(-)
> +
> +diff --git a/configure.ac b/configure.ac
> +index f58487f5d..ce6363136 100644
> +--- a/configure.ac
> ++++ b/configure.ac
> +@@ -312,6 +312,14 @@ AM_COND_IF([ENABLE_SECCOMP],
> +             AC_CHECK_LIB([seccomp], [seccomp_init],[],[AC_MSG_ERROR([You 
> must install the seccomp development package in order to compile lxc])])
> +             AC_SUBST([SECCOMP_LIBS], [-lseccomp])
> +             ])
> ++    # HAVE_SCMP_FILTER_CTX=1 will tell us we have libseccomp api >= 1.0.0
> ++    OLD_CFLAGS="$CFLAGS"
> ++    CFLAGS="$CFLAGS $SECCOMP_CFLAGS"
> ++    AC_CHECK_TYPES([scmp_filter_ctx], [], [], [[#include <seccomp.h>]])
> ++    AC_CHECK_DECLS([seccomp_notify_fd], [], [], [[#include <seccomp.h>]])
> ++    AC_CHECK_TYPES([struct seccomp_notif_sizes], [], [], [[#include 
> <seccomp.h>]])
> ++    AC_CHECK_DECLS([seccomp_syscall_resolve_name_arch], [], [], [[#include 
> <seccomp.h>]])
> ++    CFLAGS="$OLD_CFLAGS"
> +     ])
> + 
> + AC_MSG_CHECKING(for static libcap)
> +@@ -359,15 +367,6 @@ AM_COND_IF([ENABLE_CAP],
> +         AC_CHECK_LIB(cap,cap_get_file, 
> AC_DEFINE(LIBCAP_SUPPORTS_FILE_CAPABILITIES,1,[Have cap_get_file]),[],[])
> +         AC_SUBST([CAP_LIBS], [-lcap])])
> + 
> +-# HAVE_SCMP_FILTER_CTX=1 will tell us we have libseccomp api >= 1.0.0
> +-OLD_CFLAGS="$CFLAGS"
> +-CFLAGS="$CFLAGS $SECCOMP_CFLAGS"
> +-AC_CHECK_TYPES([scmp_filter_ctx], [], [], [[#include <seccomp.h>]])
> +-AC_CHECK_DECLS([seccomp_notify_fd], [], [], [[#include <seccomp.h>]])
> +-AC_CHECK_TYPES([struct seccomp_notif_sizes], [], [], [[#include 
> <seccomp.h>]])
> +-AC_CHECK_DECLS([seccomp_syscall_resolve_name_arch], [], [], [[#include 
> <seccomp.h>]])
> +-CFLAGS="$OLD_CFLAGS"
> +-
> + AC_CHECK_HEADERS([linux/bpf.h], [
> +     AC_CHECK_TYPES([struct bpf_cgroup_dev_ctx], [], [], [[#include 
> <linux/bpf.h>]])
> + ], [], [])
> +-- 
> +2.17.1
> +
> diff --git a/recipes-containers/lxc/lxc_4.0.6.bb 
> b/recipes-containers/lxc/lxc_4.0.6.bb
> index b422909..c9bf3d0 100644
> --- a/recipes-containers/lxc/lxc_4.0.6.bb
> +++ b/recipes-containers/lxc/lxc_4.0.6.bb
> @@ -49,6 +49,8 @@ SRC_URI = 
> "http://linuxcontainers.org/downloads/${BPN}/${BPN}-${PV}.tar.gz \
>       file://tests-add-no-validate-when-using-download-template.patch \
>       file://dnsmasq.conf \
>       file://lxc-net \
> +     file://configure-skip-libseccomp-tests-if-it-is-disabled.patch \
> +     file://commands-fix-check-for-seccomp-notify-support.patch \
>       "
>  
>  SRC_URI[md5sum] = "732571c7cb4ab845068afb227bf35256"
> -- 
> 2.17.1
> 

> 
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#6407): 
https://lists.yoctoproject.org/g/meta-virtualization/message/6407
Mute This Topic: https://lists.yoctoproject.org/mt/82139703/21656
Group Owner: [email protected]
Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to