Building with seccomp
Matthew Selsky
Matthew.Selsky at twosigma.com
Wed May 17 00:24:08 UTC 2017
On Mon, May 15, 2017 at 12:02:15PM -0700, Hal Murray wrote:
>
> devel at ntpsec.org said:
> > HAVE_SECCOMP can likely be replaced with HAVE_SECCOMP_H in the code.
>
> That seems backwards. HAVE_SECCOMP_H says (to me) that you have the header.
> You may not have the library and/or maybe seccomp wasn't configured.
>
> seccomp is only referenced by ntpd/ntp_sandbox.c I was thinking of using
> only ENABLE_SECCOMP with a big comment saying that waf had checked to make
> sure whatever is needed is available.
>
> But which symbol we use is not a big deal.
>
> Humm... How would that test (and similar ones) work in a cross compile? Is anybody actually cross compiling? If so, what platform? Maybe we should setup a test case for a Raspberry Pi.
>
> --------
>
> There is still the problem of should waf crash if you asked for seccomp and it won't work. Currently, it just prints a warning that is easy to miss in all the other printout.
Just to close out this thread for those that don't watch the GitLab site..
I consolidated on a single symbol in config.h and I made waf have a fatal error if you requested seccomp, but either headers or libraries aren't found.
See https://gitlab.com/NTPsec/ntpsec/commit/d22805a504e2a4066a3b22f5a100319c1f72601d
Thanks,
-Matt
More information about the devel
mailing list