From d65587d727f8c71186f64e79a30bae828a58b53d Mon Sep 17 00:00:00 2001 From: RameshkrishnanX Geddy Sekar Date: Sat, 17 Apr 2021 03:34:25 +0800 Subject: lxc-recipe: Fix compilation without seccomp when libseccomp is installed Original URL: https://github.com/lxc/lxc/pull/3623 Signed-off-by: RameshkrishnanX Geddy Sekar Signed-off-by: Bruce Ashfield --- ...ands-fix-check-for-seccomp-notify-support.patch | 44 +++++++++++++++++++ ...e-skip-libseccomp-tests-if-it-is-disabled.patch | 51 ++++++++++++++++++++++ recipes-containers/lxc/lxc_4.0.6.bb | 2 + 3 files changed, 97 insertions(+) create mode 100644 recipes-containers/lxc/files/commands-fix-check-for-seccomp-notify-support.patch create mode 100644 recipes-containers/lxc/files/configure-skip-libseccomp-tests-if-it-is-disabled.patch diff --git a/recipes-containers/lxc/files/commands-fix-check-for-seccomp-notify-support.patch b/recipes-containers/lxc/files/commands-fix-check-for-seccomp-notify-support.patch new file mode 100644 index 00000000..391af381 --- /dev/null +++ b/recipes-containers/lxc/files/commands-fix-check-for-seccomp-notify-support.patch @@ -0,0 +1,44 @@ +From a342b11fedb3010630de4909ca707ebdc0862060 Mon Sep 17 00:00:00 2001 +From: Eneas U de Queiroz +Date: Fri, 25 Dec 2020 13:54:14 -0300 +Subject: [PATCH] commands: fix check for seccomp notify support + +Use HAVE_SECCOMP_NOTIFY instead of HAVE_DECL_SECCOMP_NOTIFY_FD. +Currently the latter will be true if the declaration is found by +configure, even if 'configure --disable-seccomp' is used. + +HAVE_SECCOMP_NOTIFY is defined in lxcseccomp.h if both HAVE_SECCOMP and +HAVE_DECL_SECCOMP_NOTIFY_FD are true, which is the correct behavior. + +Upstream-status: submitted https://github.com/lxc/lxc/pull/3623 + +Signed-off-by: Eneas U de Queiroz +--- + src/lxc/commands.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/lxc/commands.c b/src/lxc/commands.c +index a9a03ca2c..37d1abcef 100644 +--- a/src/lxc/commands.c ++++ b/src/lxc/commands.c +@@ -501,7 +501,7 @@ static int lxc_cmd_get_devpts_fd_callback(int fd, struct lxc_cmd_req *req, + + int lxc_cmd_get_seccomp_notify_fd(const char *name, const char *lxcpath) + { +-#if HAVE_DECL_SECCOMP_NOTIFY_FD ++#ifdef HAVE_SECCOMP_NOTIFY + int ret, stopped; + struct lxc_cmd_rr cmd = { + .req = { +@@ -526,7 +526,7 @@ static int lxc_cmd_get_seccomp_notify_fd_callback(int fd, struct lxc_cmd_req *re + struct lxc_handler *handler, + struct lxc_epoll_descr *descr) + { +-#if HAVE_DECL_SECCOMP_NOTIFY_FD ++#ifdef HAVE_SECCOMP_NOTIFY + struct lxc_cmd_rsp rsp = { + .ret = 0, + }; +-- +2.17.1 + diff --git a/recipes-containers/lxc/files/configure-skip-libseccomp-tests-if-it-is-disabled.patch b/recipes-containers/lxc/files/configure-skip-libseccomp-tests-if-it-is-disabled.patch new file mode 100644 index 00000000..7ba992f6 --- /dev/null +++ b/recipes-containers/lxc/files/configure-skip-libseccomp-tests-if-it-is-disabled.patch @@ -0,0 +1,51 @@ +From 67cd8bde2d46983df8fa9f647e9fc0b96370ec29 Mon Sep 17 00:00:00 2001 +From: Eneas U de Queiroz +Date: Sat, 16 Jan 2021 13:54:07 -0300 +Subject: [PATCH] configure: skip libseccomp tests if it is disabled + +Move the block checking for libseccomp api compatibility inside +AM_COND_IF([ENABLE_SECCOMP] ... ). + +Signed-off-by: Eneas U de Queiroz +--- + configure.ac | 17 ++++++++--------- + 1 file changed, 8 insertions(+), 9 deletions(-) + +diff --git a/configure.ac b/configure.ac +index f58487f5d..ce6363136 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -312,6 +312,14 @@ AM_COND_IF([ENABLE_SECCOMP], + AC_CHECK_LIB([seccomp], [seccomp_init],[],[AC_MSG_ERROR([You must install the seccomp development package in order to compile lxc])]) + AC_SUBST([SECCOMP_LIBS], [-lseccomp]) + ]) ++ # HAVE_SCMP_FILTER_CTX=1 will tell us we have libseccomp api >= 1.0.0 ++ OLD_CFLAGS="$CFLAGS" ++ CFLAGS="$CFLAGS $SECCOMP_CFLAGS" ++ AC_CHECK_TYPES([scmp_filter_ctx], [], [], [[#include ]]) ++ AC_CHECK_DECLS([seccomp_notify_fd], [], [], [[#include ]]) ++ AC_CHECK_TYPES([struct seccomp_notif_sizes], [], [], [[#include ]]) ++ AC_CHECK_DECLS([seccomp_syscall_resolve_name_arch], [], [], [[#include ]]) ++ CFLAGS="$OLD_CFLAGS" + ]) + + AC_MSG_CHECKING(for static libcap) +@@ -359,15 +367,6 @@ AM_COND_IF([ENABLE_CAP], + AC_CHECK_LIB(cap,cap_get_file, AC_DEFINE(LIBCAP_SUPPORTS_FILE_CAPABILITIES,1,[Have cap_get_file]),[],[]) + AC_SUBST([CAP_LIBS], [-lcap])]) + +-# HAVE_SCMP_FILTER_CTX=1 will tell us we have libseccomp api >= 1.0.0 +-OLD_CFLAGS="$CFLAGS" +-CFLAGS="$CFLAGS $SECCOMP_CFLAGS" +-AC_CHECK_TYPES([scmp_filter_ctx], [], [], [[#include ]]) +-AC_CHECK_DECLS([seccomp_notify_fd], [], [], [[#include ]]) +-AC_CHECK_TYPES([struct seccomp_notif_sizes], [], [], [[#include ]]) +-AC_CHECK_DECLS([seccomp_syscall_resolve_name_arch], [], [], [[#include ]]) +-CFLAGS="$OLD_CFLAGS" +- + AC_CHECK_HEADERS([linux/bpf.h], [ + AC_CHECK_TYPES([struct bpf_cgroup_dev_ctx], [], [], [[#include ]]) + ], [], []) +-- +2.17.1 + diff --git a/recipes-containers/lxc/lxc_4.0.6.bb b/recipes-containers/lxc/lxc_4.0.6.bb index b4229090..c9bf3d09 100644 --- a/recipes-containers/lxc/lxc_4.0.6.bb +++ b/recipes-containers/lxc/lxc_4.0.6.bb @@ -49,6 +49,8 @@ SRC_URI = "http://linuxcontainers.org/downloads/${BPN}/${BPN}-${PV}.tar.gz \ file://tests-add-no-validate-when-using-download-template.patch \ file://dnsmasq.conf \ file://lxc-net \ + file://configure-skip-libseccomp-tests-if-it-is-disabled.patch \ + file://commands-fix-check-for-seccomp-notify-support.patch \ " SRC_URI[md5sum] = "732571c7cb4ab845068afb227bf35256" -- cgit v1.2.3-54-g00ecf