Patchwork [PATCHv5,1/4] Adding support for libseccomp in configure and Makefile

login
register
mail settings
Submitter Eduardo Otubo
Date Aug. 1, 2012, 7:54 p.m.
Message ID <c464673dd2569b85063aa995ecf9e0716bc1212e.1343849830.git.otubo@linux.vnet.ibm.com>
Download mbox | patch
Permalink /patch/174583/
State New
Headers show

Comments

Eduardo Otubo - Aug. 1, 2012, 7:54 p.m.
Adding basic options to the configure script to use libseccomp or not.
The default is set to 'no'. If the flag --enable-libseccomp is used, the
script will check for its existence using pkg-config.

v2:
 * As I removed all the code related to seccomp from vl.c, I created
   qemu-seccomp.[ch].
 * Also making the configure script to add the specific line to
   Makefile.obj in order to compile with appropriate support to seccomp.

v3:
 * Removing the line from Makefile.obj and adding it to Makefile.objs.
 * Marking libseccomp default option to 'yes' in the configure script.

v4:
 * Now two new options added:

     --enable-seccomp-debug
     --disable-seccomp-debug

   Enabling debug will cause libseccomp to be configured with
   SCMP_ACT_TRAP. This will help users/developers to catch system calls
   that were not previously whitelisted.

Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
---
 Makefile.objs |   10 ++++++++++
 configure     |   34 ++++++++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+), 0 deletions(-)

Patch

diff --git a/Makefile.objs b/Makefile.objs
index 5ebbcfa..eb4efa3 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -96,6 +96,16 @@  common-obj-y += qemu-timer.o qemu-timer-common.o
 common-obj-$(CONFIG_SLIRP) += slirp/
 
 ######################################################################
+# libseccomp
+ifeq ($(CONFIG_SECCOMP),y)
+common-obj-y += qemu-seccomp.o
+endif
+
+ifeq ($(CONFIG_SECCOMP_DEBUG),y)
+common-obj-y += qemu-seccomp-debug.o
+endif
+
+######################################################################
 # libuser
 
 user-obj-y =
diff --git a/configure b/configure
index 027a718..c12629b 100755
--- a/configure
+++ b/configure
@@ -195,6 +195,8 @@  zlib="yes"
 guest_agent="yes"
 libiscsi=""
 coroutine=""
+seccomp="yes"
+seccomp_debug="no"
 
 # parse CC options first
 for opt do
@@ -824,6 +826,14 @@  for opt do
   ;;
   --disable-guest-agent) guest_agent="no"
   ;;
+  --enable-seccomp-debug) seccomp_debug="yes"
+  ;;
+  --disable-seccomp-debug) seccomp_debug="no"
+  ;;
+  --enable-seccomp) seccomp="yes"
+  ;;
+  --disable-seccomp) seccomp="no"
+  ;;
   *) echo "ERROR: unknown option $opt"; show_help="yes"
   ;;
   esac
@@ -1110,6 +1120,10 @@  echo "  --disable-usb-redir      disable usb network redirection support"
 echo "  --enable-usb-redir       enable usb network redirection support"
 echo "  --disable-guest-agent    disable building of the QEMU Guest Agent"
 echo "  --enable-guest-agent     enable building of the QEMU Guest Agent"
+echo "  --disable-seccomp-debug  disable seccomp debug support"
+echo "  --enable-seccomp-debug   enables seccomp debug support"
+echo "  --disable-seccomp        disable seccomp support"
+echo "  --enable-seccomp         enables seccomp support"
 echo "  --with-coroutine=BACKEND coroutine backend. Supported options:"
 echo "                           gthread, ucontext, sigaltstack, windows"
 echo ""
@@ -1372,6 +1386,16 @@  EOF
 fi
 
 ##########################################
+# libseccomp check
+
+if test "$seccomp" = "yes" ; then
+    if $pkg_config libseccomp --modversion >/dev/null 2>&1; then
+        LIBS=`$pkg_config --libs libseccomp`
+    else
+        feature_not_found "libseccomp"
+    fi
+fi
+##########################################
 # xen probe
 
 if test "$xen" != "no" ; then
@@ -3103,6 +3127,8 @@  echo "usb net redir     $usb_redir"
 echo "OpenGL support    $opengl"
 echo "libiscsi support  $libiscsi"
 echo "build guest agent $guest_agent"
+echo "seccomp support   $seccomp"
+echo "seccomp debug     $seccomp_debug"
 echo "coroutine backend $coroutine_backend"
 
 if test "$sdl_too_old" = "yes"; then
@@ -3401,6 +3427,14 @@  if test "$libiscsi" = "yes" ; then
   echo "CONFIG_LIBISCSI=y" >> $config_host_mak
 fi
 
+if test "$seccomp" = "yes"; then
+  echo "CONFIG_SECCOMP=y" >> $config_host_mak
+fi
+
+if test "$seccomp_debug" = "yes"; then
+  echo "CONFIG_SECCOMP_DEBUG=y" >> $config_host_mak
+fi
+
 # XXX: suppress that
 if [ "$bsd" = "yes" ] ; then
   echo "CONFIG_BSD=y" >> $config_host_mak