[systemd-devel] [PATCH] execute: Fix seccomp support on x32
Lennart Poettering
lennart at poettering.net
Mon Aug 6 04:19:56 PDT 2012
On Sat, 04.08.12 10:50, Bryan Kadzban (bryan at kadzban.is-a-geek.net) wrote:
>
> microcai wrote:
> > 2012/8/4 Lennart Poettering <lennart at poettering.net>:
> >> On Tue, 24.07.12 22:45, Jonathan Callen (abcd at gentoo.org) wrote:
> >>
> >>> In the x32 ABI, syscall numbers start at 0x40000000. Mask that
> >>> bit on x32 for lookups in the syscall_names array and
> >>> syscall_filter and ensure that syscall.h is parsed correctly.
> >> Hmpf, can't say I find this patch particularly beautiful?
> >>
> >> Can we solve this differently? For example, I'd be open to replace
> >> the direct seccomp code in systemd by some code based on libseccomp
> >> (now that libseccomp actually fixed its static global state
> >> issues). That way we should get this portability for free?
> >
> > looks like some source-based distro will blame you again :)
>
> libseccomp uses pkg-config, so it's much less of a problem IMO;
> SECCOMP_CFLAGS=" " SECCOMP_LIBS=" " will allow configure to at least
> finish properly if the library is not present. (Whether the system
> builds at all in this case is of course an issue that anyone sending
> those params to ./configure will have to deal with.)
libseccomp is a good candidate for an optional dep, much the same way as
the respective kernel option is.
Lennart
--
Lennart Poettering - Red Hat, Inc.
More information about the systemd-devel
mailing list