maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

seccomp: add 32-bit ARM on aarch64-linux

Browse source 
This allows building armv[67]l-linux derivations on compatible aarch64
machines. Failure to add the architecture may result from missing
hardware support, in which case we can't run 32-bit binaries and don't
need to restrict them with seccomp anyway,
This commit is contained in:
Linus Heckemann 2018-02-20 12:30:03 +00:00
parent eb03a296c1
commit 919c3c20b3
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/libstore/build.cc
View file

@ -2491,6 +2491,10 @@ void setupSeccomp()
seccomp_arch_add(ctx, SCMP_ARCH_X32) != 0) seccomp_arch_add(ctx, SCMP_ARCH_X32) != 0)
throw SysError("unable to add X32 seccomp architecture"); throw SysError("unable to add X32 seccomp architecture");
if (settings.thisSystem == "aarch64-linux" &&
seccomp_arch_add(ctx, SCMP_ARCH_ARM) != 0)
printError("unsable to add ARM seccomp architecture; this may result in spurious build failures if running 32-bit ARM processes.");
/* Prevent builders from creating setuid/setgid binaries. */ /* Prevent builders from creating setuid/setgid binaries. */
for (int perm : { S_ISUID, S_ISGID }) { for (int perm : { S_ISUID, S_ISGID }) {
if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(chmod), 1, if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(chmod), 1,