"--enable-capabilities"" property="og:description"> "--enable-capabilities"" property="twitter:description"> [configure.ac] Removed dependency on libseccomp; renamed "--with-libseccomp" -> … (756ae287) · Commits · UT / clsync · GitLab "--enable-capabilities"" name="description">
redmine

[configure.ac] Removed dependency on libseccomp; renamed "--with-libseccomp" -> …

…"--enable-seccomp", "--with-capabilities" -> "--enable-capabilities"
... ... @@ -111,12 +111,12 @@ if true; then
for a1 in "--enable-cluster" "--disable-cluster"; do
# for a2 in "--enable-debug" "--disable-debug"; do
for a3 in "--enable-paranoid=0" "--enable-paranoid=1" "--enable-paranoid=2" ; do
for a4 in "--with-capabilities" "--without-capabilities"; do
for a4 in "--enable-capabilities" "--disable-capabilities"; do
for a5 in "--enable-socket" "--disable-socket"; do
for a6 in "--enable-socket-library" "--disable-socket-library"; do
for a7 in "--enable-highload-locks" ""; do
# for a8 in "--with-libcgroup" "--without-libcgroup"; do
# for a9 in "--with-libseccomp" "--without-libseccomp"; do
# for a9 in "--enable-seccomp" "--disable-seccomp"; do
arg="$a0 $a1 $a2 $a3 $a4 $a5 $a6 $a7 $a8 $a9"
build_test "$arg"
done
... ... @@ -149,7 +149,7 @@ if true; then
export CFLAGS="$CFLAGS --coverage -O0"
export PATH="$(pwd):$PATH"
build_test --enable-cluster --enable-debug --enable-paranoid=2 --with-capabilities --without-mhash
build_test --enable-cluster --enable-debug --enable-paranoid=2 --enable-capabilities --without-mhash
run_example rsyncdirect
run_example rsyncdirect --splitting=thread --threading=off
run_example rsyncdirect --splitting=process --threading=off
... ...
... ... @@ -144,6 +144,51 @@ AS_IF(
)
AS_IF([test $paranoid -eq 2], [CPPFLAGS="${CPPFLAGS} -DVERYPARANOID"])
dnl searching for seccomp
AC_ARG_ENABLE(seccomp,
AS_HELP_STRING(--enable-seccomp,
[Enable seccomp support be able to forbid extra syscalls; values: no, check, yes; default: check]),
,
[enable_seccomp=check]
)
case "$enable_seccomp" in
yes)
AC_CHECK_TYPES([struct seccomp_data], [HAVE_SECCOMP=1], [AC_MSG_FAILURE([Cannot find valid linux/seccomp.h])], [[#include <linux/seccomp.h>]])
;;
check)
AC_CHECK_TYPES([struct seccomp_data], [HAVE_SECCOMP=1], , [[#include <linux/seccomp.h>]])
;;
esac
dnl capabilities check
AC_ARG_ENABLE(capabilities,
AS_HELP_STRING(--enable-capabilities,
[Enable linux capabilities support; values: no, check, yes; default: check]),
,
[enable_capabilities=check]
)
case "$enable_capabilities" in
yes)
AC_CHECK_FUNC([capset],
[
AC_CHECK_HEADER(sys/capability.h, [HAVE_CAPABILITIES=2], [AC_MSG_FAILURE([Cannot find sys/capability.h])])
],
[
AC_MSG_FAILURE([There is no capabilities support on this system])
]
)
;;
check)
AC_CHECK_FUNC([capset],
[
AC_CHECK_HEADER(sys/capability.h, [HAVE_CAPABILITIES=2])
]
)
;;
esac
# Checks for programs.
AC_PROG_CC_C99
AC_PROG_INSTALL
... ... @@ -199,34 +244,6 @@ case "$with_libcgroup" in
;;
esac
dnl capabilities check
AC_ARG_WITH(capabilities,
AS_HELP_STRING(--with-capabilities,
[Enable linux capabilities support; values: no, check, yes; default: check]),
[],
[with_capabilities=check]
)
case "$with_capabilities" in
yes)
AC_CHECK_FUNC([capset],
[
AC_CHECK_HEADER(sys/capability.h, [HAVE_CAPABILITIES=2], [AC_MSG_FAILURE([Cannot find sys/capability.h])])
],
[
AC_MSG_FAILURE([There is no capabilities support on this system])
]
)
;;
check)
AC_CHECK_FUNC([capset],
[
AC_CHECK_HEADER(sys/capability.h, [HAVE_CAPABILITIES=2])
]
)
;;
esac
dnl tre check
#AC_ARG_WITH(tre,
... ... @@ -437,29 +454,6 @@ esac
AS_IF([test "$HAVE_INOTIFY" != ""], [AC_CHECK_FUNC([inotify_init1], [], [INOTIFY_OLD=1])])
dnl searching for seccomp
AC_ARG_WITH(libseccomp,
AS_HELP_STRING(--with-libseccomp,
[Enable seccomp support be able to forbid extra syscalls; values: no, check, yes; default: check]),
[],
[with_libseccomp=check]
)
case "$with_libseccomp" in
yes)
AC_CHECK_TYPES([scmp_filter_ctx], [], [AC_MSG_FAILURE([Cannot find valid seccomp.h])], [[#include <seccomp.h>]])
AC_CHECK_DECLS([seccomp_syscall_resolve_name_arch], [], [AC_MSG_FAILURE([Cannot find valid seccomp.h])], [[#include <seccomp.h>]])
AC_CHECK_TYPES([struct seccomp_data], [HAVE_SECCOMP=1], [AC_MSG_FAILURE([Cannot find valid linux/seccomp.h])], [[#include <linux/seccomp.h>]])
;;
check)
AC_CHECK_TYPES([scmp_filter_ctx], [
AC_CHECK_DECLS([seccomp_syscall_resolve_name_arch], [
AC_CHECK_TYPES([struct seccomp_data], [HAVE_SECCOMP=1], [], [[#include <linux/seccomp.h>]])
], [], [[#include <seccomp.h>]])
], [], [[#include <seccomp.h>]])
;;
esac
AM_CONDITIONAL([HAVE_KQUEUE], [test "x$HAVE_KQUEUE" != "x"])
AM_CONDITIONAL([HAVE_INOTIFY], [test "x$HAVE_INOTIFY" != "x"])
AM_CONDITIONAL([INOTIFY_OLD], [test "x$INOTIFY_OLD" != "x"])
... ...
... ... @@ -59,7 +59,7 @@
#include "privileged.h"
#ifdef SECCOMP_SUPPORT
# include <seccomp.h> // __NR_*
# include <syscall.h> // __NR_*
# include <sys/prctl.h> // prctl()
# include <linux/filter.h> // struct sock_filter
# include <linux/seccomp.h> // SECCOMP_RET_*
... ...