From patchwork Sun Apr 14 00:55:15 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jonatan Schlag X-Patchwork-Id: 2198 Return-Path: Received: from mail01.ipfire.org (mail01.i.ipfire.org [172.28.1.200]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail01.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web07.i.ipfire.org (Postfix) with ESMTPS id AA4528AA542 for ; Sat, 13 Apr 2019 15:55:32 +0100 (BST) Received: from mail01.i.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 44hHr357jkz5GpC3; Sat, 13 Apr 2019 15:55:31 +0100 (BST) Received: from jonatan.builders.ipfire.org (fw01.ipfire.org [172.28.1.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 44hHr15LM5z5GpBS; Sat, 13 Apr 2019 15:55:29 +0100 (BST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201904rsa; t=1555167329; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:references; bh=bHh9Ux9lMnotrEUbE09rK2HpjVGu2buZ2sRr0JT2+Ic=; b=Smi30Np//mW2xlpC7NUDjpVsp5m4YUkFfem8lwQ5UbkdG/jvlIQRmlalmQMVOgIwzHcOD6 igL7MOwtfLakmcCan1SA86hPlZnDsIDyCPcaQPE0dMWvcMWseOwFTXa4BoNytIoqQICAQh dpeDibEs46mkyUKEraUQyrzRv4p8t851kHCG5xPSmoD2a5lhSQV/qBmkzUXxyU/sEh4Lrz kfRfPC9ID4b2AKtZgn0yYE+pi9CZO8yoMhvbEOgu9O3I18U2J2/JypDbInKo5n3iHkap3z 6NTVFBFGG3GjILvRNcrGbKp20kkxDBzwCdolppQhWjy6wmO4IJWHc9Trq5fkaA== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201904ed25519; t=1555167329; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:references; bh=bHh9Ux9lMnotrEUbE09rK2HpjVGu2buZ2sRr0JT2+Ic=; b=d2hAlB8GMUsT+vqHB0omWnOH9/dMmlP/NENfHopQA454CAaJUuFxd5Bnokfx4Lok27hH3/ pEkhap0N+yo1GoCw== From: Jonatan Schlag To: development@lists.ipfire.org Subject: [PATCH 1/2] Add new package libseccomp Date: Sat, 13 Apr 2019 15:55:15 +0100 Message-Id: <1555167316-3677-1-git-send-email-jonatan.schlag@ipfire.org> X-Mailer: git-send-email 1.8.3.1 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Jonatan Schlag --- config/rootfiles/packages/libseccomp | 34 ++++++++++++++ lfs/libseccomp | 87 ++++++++++++++++++++++++++++++++++++ make.sh | 1 + 3 files changed, 122 insertions(+) create mode 100644 config/rootfiles/packages/libseccomp create mode 100644 lfs/libseccomp diff --git a/config/rootfiles/packages/libseccomp b/config/rootfiles/packages/libseccomp new file mode 100644 index 0000000..3e68549 --- /dev/null +++ b/config/rootfiles/packages/libseccomp @@ -0,0 +1,34 @@ +usr/bin/scmp_sys_resolver +#usr/include/seccomp.h +#usr/lib/libseccomp.la +usr/lib/libseccomp.so +usr/lib/libseccomp.so.2 +usr/lib/libseccomp.so.2.4.0 +#usr/lib/pkgconfig/libseccomp.pc +#usr/share/man/man1/scmp_sys_resolver.1 +#usr/share/man/man3/seccomp_api_get.3 +#usr/share/man/man3/seccomp_api_set.3 +#usr/share/man/man3/seccomp_arch_add.3 +#usr/share/man/man3/seccomp_arch_exist.3 +#usr/share/man/man3/seccomp_arch_native.3 +#usr/share/man/man3/seccomp_arch_remove.3 +#usr/share/man/man3/seccomp_arch_resolve_name.3 +#usr/share/man/man3/seccomp_attr_get.3 +#usr/share/man/man3/seccomp_attr_set.3 +#usr/share/man/man3/seccomp_export_bpf.3 +#usr/share/man/man3/seccomp_export_pfc.3 +#usr/share/man/man3/seccomp_init.3 +#usr/share/man/man3/seccomp_load.3 +#usr/share/man/man3/seccomp_merge.3 +#usr/share/man/man3/seccomp_release.3 +#usr/share/man/man3/seccomp_reset.3 +#usr/share/man/man3/seccomp_rule_add.3 +#usr/share/man/man3/seccomp_rule_add_array.3 +#usr/share/man/man3/seccomp_rule_add_exact.3 +#usr/share/man/man3/seccomp_rule_add_exact_array.3 +#usr/share/man/man3/seccomp_syscall_priority.3 +#usr/share/man/man3/seccomp_syscall_resolve_name.3 +#usr/share/man/man3/seccomp_syscall_resolve_name_arch.3 +#usr/share/man/man3/seccomp_syscall_resolve_name_rewrite.3 +#usr/share/man/man3/seccomp_syscall_resolve_num_arch.3 +#usr/share/man/man3/seccomp_version.3 diff --git a/lfs/libseccomp b/lfs/libseccomp new file mode 100644 index 0000000..d577793 --- /dev/null +++ b/lfs/libseccomp @@ -0,0 +1,87 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2018 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 2.4.0 + +THISAPP = libseccomp-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) +PROG = libseccomp +PAK_VER = 1 + +DEPS = "" + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = 91625d78af26c646b03be3de58e71988 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +dist: + @$(PAK) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar vxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && ./configure \ + --prefix=/usr \ + --disable-static + + cd $(DIR_APP) && make $(MAKETUNING) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/make.sh b/make.sh index de973c6..fd85b03 100755 --- a/make.sh +++ b/make.sh @@ -1410,6 +1410,7 @@ buildipfire() { lfsmake2 spice lfsmake2 sdl lfsmake2 libusbredir + lfsmake2 libseccomp lfsmake2 qemu lfsmake2 sane lfsmake2 netpbm From patchwork Sun Apr 14 00:55:16 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jonatan Schlag X-Patchwork-Id: 2199 Return-Path: Received: from mail01.ipfire.org (mail01.i.ipfire.org [172.28.1.200]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail01.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web07.i.ipfire.org (Postfix) with ESMTPS id B45268AA542 for ; Sat, 13 Apr 2019 15:55:35 +0100 (BST) Received: from mail01.i.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 44hHr71DfYz5LcyQ; Sat, 13 Apr 2019 15:55:35 +0100 (BST) Received: from jonatan.builders.ipfire.org (fw01.ipfire.org [172.28.1.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 44hHr42Rx9z5JlvM; Sat, 13 Apr 2019 15:55:32 +0100 (BST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201904rsa; t=1555167332; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references; bh=W0ejrbouXNc0VP0zTlOxRq5SFz75tyQL7lr01Td3rjk=; b=h90v4pJ7Ag4yrUr7Q2J+VcQj85TBsoa9dtjym4cvhn/ITC2NB+SUDl0WuWcIK4la7BhjD2 ztsz2ltUsoeAzIucVJ9fWiHqvhlb7NijHLONmzlR5h6uPQBaNaYDabU7VJeI/1vFw3Dlve tVS/TvDMJkhL5NRjJu/F5jab1Wzth+0N1QjM2hDK9IT1dUtessBdxQrBOfl1jaevJ5FoER XqAuAhfbHUYiMg6xk6CKY0MrFRyV6AiQ29yNAWyYaL307gpjyKL6FJ3IdSzy2qSI/eTX0h EYYUj59Hxst8P+XS+dj4v9EgdDqM33ZwiFmtaNt45whUtH8T4/+UWVDUnzZ/Hw== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201904ed25519; t=1555167332; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references; bh=W0ejrbouXNc0VP0zTlOxRq5SFz75tyQL7lr01Td3rjk=; b=Lz6N3YZiorYf6mr0o1q7/jeBooaiIqQ53+mSaCwYee7RAb3u1o7LNbZ3VpaZmUFslxcXPc tg3ZzdmSov9CrvDw== From: Jonatan Schlag To: development@lists.ipfire.org Subject: [PATCH 2/2] Enable seccomp support for qemu Date: Sat, 13 Apr 2019 15:55:16 +0100 Message-Id: <1555167316-3677-2-git-send-email-jonatan.schlag@ipfire.org> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1555167316-3677-1-git-send-email-jonatan.schlag@ipfire.org> References: <1555167316-3677-1-git-send-email-jonatan.schlag@ipfire.org> X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Fixes: #11941 Signed-off-by: Jonatan Schlag --- lfs/qemu | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/qemu b/lfs/qemu index 015837a..d18b49c 100644 --- a/lfs/qemu +++ b/lfs/qemu @@ -33,9 +33,9 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) SUP_ARCH = i586 x86_64 PROG = qemu -PAK_VER = 23 +PAK_VER = 24 -DEPS = "libusbredir sdl spice" +DEPS = "libusbredir sdl spice libseccomp" ############################################################################### # Top-level Rules @@ -82,7 +82,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/etc \ --localstatedir=/var --enable-kvm --disable-bluez --disable-attr \ --target-list="i386-linux-user x86_64-linux-user arm-linux-user i386-softmmu x86_64-softmmu arm-softmmu" \ - --extra-cflags="$(CFLAGS)" --enable-spice --enable-usb-redir + --extra-cflags="$(CFLAGS)" --enable-spice --enable-usb-redir --enable-seccomp cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install