[mesos] branch 1.8.x updated: Allowed compiling Seccomp isolator on older kernel versions.

[abudnik]

This is an automated email from the ASF dual-hosted git repository.

abudnik pushed a commit to branch 1.8.x
in repository https://gitbox.apache.org/repos/asf/mesos.git


The following commit(s) were added to refs/heads/1.8.x by this push:
     new a684f07  Allowed compiling Seccomp isolator on older kernel versions.
a684f07 is described below

commit a684f073db683d83965fccbc7e5a308e35a7da9c
Author: Andrei Budnik <abud...@mesosphere.com>
AuthorDate: Wed May 1 11:52:49 2019 +0200

    Allowed compiling Seccomp isolator on older kernel versions.
    
    This patch removes dependency on `linux/seccomp.h` header, which
    may be missing on some Linux distributions.
    
    Review: https://reviews.apache.org/r/70567/
---
 configure.ac                                              |  8 --------
 src/slave/containerizer/mesos/isolators/linux/seccomp.cpp | 10 ++++++++--
 2 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/configure.ac b/configure.ac
index a367c28..8f3a36e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1627,14 +1627,6 @@ The Seccomp isolator is only supported on Linux.
 -------------------------------------------------------------------
   ])])
 
-  AC_CHECK_HEADERS([linux/seccomp.h], [],
-                   [AC_MSG_ERROR([Cannot find seccomp system headers
--------------------------------------------------------------------
-Please install the Linux kernel headers and make sure that you have
-Linux kernel 3.5+ installed.
--------------------------------------------------------------------
-  ])])
-
   # Check if libseccomp prefix path was supplied and if so, add it to
   # CPPFLAGS while extending it by /include and to LDFLAGS while
   # extending it by /lib.
diff --git a/src/slave/containerizer/mesos/isolators/linux/seccomp.cpp 
b/src/slave/containerizer/mesos/isolators/linux/seccomp.cpp
index 5624c24..bb35c6e 100644
--- a/src/slave/containerizer/mesos/isolators/linux/seccomp.cpp
+++ b/src/slave/containerizer/mesos/isolators/linux/seccomp.cpp
@@ -14,8 +14,6 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-#include <linux/seccomp.h>
-
 #include <sys/prctl.h>
 
 #include <stout/path.hpp>
@@ -34,6 +32,14 @@ using mesos::slave::ContainerConfig;
 using mesos::slave::ContainerLaunchInfo;
 using mesos::slave::Isolator;
 
+// NOTE: The definition below was taken from the Linux Kernel sources.
+//
+// TODO(abudnik): This definition should be removed in favor of using
+// `linux/seccomp.h` once we drop support for kernels older than 3.5.
+#if !defined(SECCOMP_MODE_FILTER)
+#define SECCOMP_MODE_FILTER 2
+#endif
+
 namespace mesos {
 namespace internal {
 namespace slave {