Building with seccomp
Hal Murray
hmurray at megapathdsl.net
Mon May 15 19:02:15 UTC 2017
devel at ntpsec.org said:
> HAVE_SECCOMP can likely be replaced with HAVE_SECCOMP_H in the code.
That seems backwards. HAVE_SECCOMP_H says (to me) that you have the header.
You may not have the library and/or maybe seccomp wasn't configured.
seccomp is only referenced by ntpd/ntp_sandbox.c I was thinking of using
only ENABLE_SECCOMP with a big comment saying that waf had checked to make
sure whatever is needed is available.
But which symbol we use is not a big deal.
Humm... How would that test (and similar ones) work in a cross compile? Is anybody actually cross compiling? If so, what platform? Maybe we should setup a test case for a Raspberry Pi.
--------
There is still the problem of should waf crash if you asked for seccomp and it won't work. Currently, it just prints a warning that is easy to miss in all the other printout.
There is a similar problem at runtime. Should ntpd crash if it was built with seccomp but gets an error trying to turn it on. (I have a handy test case.) Currently, it logs a message and continues.
--
These are my opinions. I hate spam.
More information about the devel
mailing list