build: add seccomp build option

author Christian Brauner <brauner@kernel.org>

Thu, 9 Jun 2022 16:10:27 +0000 (18:10 +0200)

committer Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>

Thu, 9 Jun 2022 21:07:07 +0000 (23:07 +0200)
author Christian Brauner <brauner@kernel.org>
Thu, 9 Jun 2022 16:10:27 +0000 (18:10 +0200)
committer Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
Thu, 9 Jun 2022 21:07:07 +0000 (23:07 +0200)
diff --git a/meson.build b/meson.build

index 3ae145d392d4fd8e7be6c8a8da22b6825cfcfd9e..f6d1eecf2052744592342f19c1d22c5d1a718c8e 100644 (file)
--- a/meson.build
+++ b/meson.build
@@ -146,6 +146,7 @@ want_capabilities = get_option('capabilities')
  want_apparmor = get_option('apparmor')
  want_openssl = get_option('openssl')
  want_selinux = get_option('selinux')
+want_seccomp = get_option('seccomp')
  
  srcconf.set_quoted('DEFAULT_CGROUP_PATTERN', cgrouppattern)
  if coverity
@@ -291,41 +292,45 @@ endif
  threads = dependency('threads')
  
  ## Seccomp.
-libseccomp = dependency('libseccomp', required: false)
-srcconf.set10('HAVE_SECCOMP', libseccomp.found())
-pkgconfig_libs += libseccomp
-if libseccomp.found()
-    if libseccomp.version().version_compare('>=2.5.0')
-        # https://github.com/seccomp/libseccomp/commit/dead12bc788b259b148cc4d93b970ef0bd602b1a
-        srcconf.set10('HAVE_DECL_SECCOMP_NOTIFY_FD', true)
-    else
-        srcconf.set10('HAVE_DECL_SECCOMP_NOTIFY_FD', false)
-    endif
-
-    if libseccomp.version().version_compare('>=2.0.0')
-        # https://github.com/seccomp/libseccomp/commit/6220c8c0fc479d97b6d3e3166a4e46fbfe25a3c0
-        srcconf.set10('HAVE_DECL_SECCOMP_SYSCALL_RESOLVE_NAME_ARCH', true)
-    else
-        srcconf.set10('HAVE_DECL_SECCOMP_SYSCALL_RESOLVE_NAME_ARCH', false)
-    endif
-
-    seccomp_headers = '''
-    #include <seccomp.h>
-    '''
-
-    foreach decl: [
-        'scmp_filter_ctx',
-        'struct seccomp_notif_sizes',
-        'struct clone_args',
-    ]
+if want_seccomp
+    libseccomp = dependency('libseccomp', required: false)
+    srcconf.set10('HAVE_SECCOMP', libseccomp.found())
+    pkgconfig_libs += libseccomp
+    if libseccomp.found()
+        if libseccomp.version().version_compare('>=2.5.0')
+            # https://github.com/seccomp/libseccomp/commit/dead12bc788b259b148cc4d93b970ef0bd602b1a
+            srcconf.set10('HAVE_DECL_SECCOMP_NOTIFY_FD', true)
+        else
+            srcconf.set10('HAVE_DECL_SECCOMP_NOTIFY_FD', false)
+        endif
  
-        # We get -1 if the size cannot be determined
-        if cc.sizeof(decl, prefix: seccomp_headers, args: '-D_GNU_SOURCE') > 0
-            srcconf.set10('HAVE_' + decl.underscorify().to_upper(), true)
+        if libseccomp.version().version_compare('>=2.0.0')
+            # https://github.com/seccomp/libseccomp/commit/6220c8c0fc479d97b6d3e3166a4e46fbfe25a3c0
+            srcconf.set10('HAVE_DECL_SECCOMP_SYSCALL_RESOLVE_NAME_ARCH', true)
          else
-            srcconf.set10('HAVE_' + decl.underscorify().to_upper(), false)
+            srcconf.set10('HAVE_DECL_SECCOMP_SYSCALL_RESOLVE_NAME_ARCH', false)
          endif
-    endforeach
+
+        seccomp_headers = '''
+        #include <seccomp.h>
+        '''
+
+        foreach decl: [
+            'scmp_filter_ctx',
+            'struct seccomp_notif_sizes',
+            'struct clone_args',
+        ]
+
+            # We get -1 if the size cannot be determined
+            if cc.sizeof(decl, prefix: seccomp_headers, args: '-D_GNU_SOURCE') > 0
+                srcconf.set10('HAVE_' + decl.underscorify().to_upper(), true)
+            else
+                srcconf.set10('HAVE_' + decl.underscorify().to_upper(), false)
+            endif
+        endforeach
+    endif
+else
+    srcconf.set10('HAVE_SECCOMP', false)
  endif
  
  ## SELinux.
@@ -667,9 +672,12 @@ subdir('src/lxc/pam')
  # Library.
  liblxc_dependencies = [
      threads,
-    libseccomp,
  ]
  
+if want_seccomp
+    liblxc_dependencies += libseccomp
+endif
+
  if want_capabilities
      liblxc_dependencies += [libcap]
  endif
diff --git a/meson_options.txt b/meson_options.txt

index 19c788be61dfbe81cbdc1f87fb20cf60cbe8315c..8742583425ae329d4beac4265c1582b82763a9ba 100644 (file)
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -32,6 +32,9 @@ option('commands', type: 'boolean', value: 'true',
  option('capabilities', type: 'boolean', value: 'true',
         description: 'use capabilities')
  
+option('seccomp', type: 'boolean', value: 'true',
+       description: 'use seccomp')
+
  option('apparmor', type: 'boolean', value: 'true',
         description: 'use apparmor')
  
diff --git a/src/lxc/meson.build b/src/lxc/meson.build

index 4999b2e93fe4a6817741490122a89fddc75de639..78b873f24fa8be109c82601c29f55c04f11c26ea 100644 (file)
--- a/src/lxc/meson.build
+++ b/src/lxc/meson.build
@@ -139,7 +139,7 @@ liblxc_sources = files(
      'uuid.c',
      'uuid.h')
  
-if libseccomp.found()
+if want_seccomp and libseccomp.found()
      liblxc_sources += files('seccomp.c')
  endif
author	Christian Brauner <brauner@kernel.org>
	Thu, 9 Jun 2022 16:10:27 +0000 (18:10 +0200)
committer	Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
	Thu, 9 Jun 2022 21:07:07 +0000 (23:07 +0200)
meson.build		patch \| blob \| blame \| history
meson_options.txt		patch \| blob \| blame \| history
src/lxc/meson.build		patch \| blob \| blame \| history