Building with seccomp
Eric S. Raymond
esr at thyrsus.com
Mon May 15 18:43:54 UTC 2017
Matthew Selsky via devel <devel at ntpsec.org>:
> On Sat, May 13, 2017 at 10:10:23PM -0700, Hal Murray via devel wrote:
> >
> > If you are missing a library or header, --enable-seccomp gives a warning but
> > doesn't bail. Should that be changed?
> >
> > There are 3 seccomp symbols setup in config.h
> > #define ENABLE_SECCOMP 1 /* Enable seccomp */
> > #define HAVE_SECCOMP_H 1
> > #define HAVE_SECCOMP 1
> >
> > Is there any reason for more then one? It only builds on Linux. We need
> > both the header and library.
>
> HAVE_SECCOMP can likely be replaced with HAVE_SECCOMP_H in the code. And we can use ENABLE_SECCOMP or another ctx variable in waf to determine if the user wants us to check for seccomp at all (since we don't check for seccomp by default). And then we won't set the other variables if ENABLE_SECCOMP is false.
>
> If that makes sense, I can update waf to do this.
Seems right to me.
--
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
Please consider contributing to my Patreon page at https://www.patreon.com/esr
so I can keep the invisible wheels of the Internet turning. Give generously -
the civilization you save might be your own.
More information about the devel
mailing list