[2/2] target: select procd-seccomp if kernel support is present

Message ID 20201107141812.2olgdlw3vimnbzhs@makrotopia.org
State Under Review
Delegated to: Daniel Golle
Series enable procd security features by default

Commit Message

Daniel Golle Nov. 7, 2020, 2:18 p.m. UTC
Install ld-preload hooks allowing to add seccomp filters for arbitrary
services if kernel support for seccomp is present.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
---
 include/target.mk | 5 +++++
 1 file changed, 5 insertions(+)

Patch

diff --git a/include/target.mk b/include/target.mk
index 7a74aceb59..d8cb0e6e58 100644
--- a/include/target.mk
+++ b/include/target.mk
@@ -41,6 +41,11 @@  ifeq ($(CONFIG_SMALL_FLASH),)
 DEFAULT_PACKAGES+=procd-ujail
 endif
 
+# include seccomp ld-preload hooks if kernel supports it
+ifneq ($(CONFIG_KERNEL_SECCOMP),)
+DEFAULT_PACKAGES+=procd-seccomp
+endif
+
 # For the basic set
 DEFAULT_PACKAGES.basic:=
 # For nas targets
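
Review bot: The new `ifneq ($(CONFIG_KERNEL_SECCOMP),)` block adds procd-seccomp to DEFAULT_PACKAGES with no flash-size condition, while the `DEFAULT_PACKAGES+=procd-ujail` line directly above it sits inside a conditional and the hunk context references CONFIG_SMALL_FLASH. If small-flash targets are meant to skip the optional procd hardening packages, consider gating this block on the same condition, or say in the commit message that the extra size is acceptable on those targets. The added comment could also be more exact: the test is on the build-time CONFIG_KERNEL_SECCOMP symbol being non-empty, so "if kernel supports it" would read better as "if seccomp is enabled in the kernel config".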