authorFlorian Eckert <fe@dev.tdt.de>2021-10-15 09:19:12 +0200
committerDaniel Golle <daniel@makrotopia.org>2021-10-16 02:00:47 +0100
commitb118efa0d25f5b60226a9d316eb838dd6be22f78 (patch)
tree1d0b389ed08221855d4d22e1897108d8a0e032af
parent3a93704a63cf018187411108d241c35ec83992c0 (diff)
buildsystem: add CONFIG_SECCOMP
Until now, this feature was switched on via the kernel configuration option KERNEL_SECCOMP. The following change a7f794cd2aa104fdbd4c6e38f9b76373bf9b96e1 now requires that the package procd-seccomp must also be enabled for building. However, this is not the case: we have no dependency, and the imagebuilder cannot build the image because of the implicit package selection. This change adds a new configuration option CONFIG_SECCOMP. The new option has the same behaviour as the configuration option CONFIG_SELINUX. If CONFIG_SECCOMP is selected, then the package procd-seccomp and KERNEL_SECCOMP are enabled for this build. Signed-off-by: Florian Eckert <fe@dev.tdt.de> Signed-off-by: Daniel Golle <daniel@makrotopia.org>
-rw-r--r--config/Config-build.in12
-rw-r--r--include/target.mk2
-rw-r--r--package/system/procd/Makefile3
3 files changed, 14 insertions, 3 deletions
diff --git a/config/Config-build.in b/config/Config-build.in
index f0e1aaa695..ca6f513450 100644
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -386,4 +386,16 @@ menu "Global build settings"
endchoice
+ config SECCOMP
+ bool "Enable SECCOMP"
+ select KERNEL_SECCOMP
+ select PACKAGE_procd-seccomp
+ depends on (aarch64 || arm || armeb || mips || mipsel || i386 || powerpc || x86_64)
+ depends on !TARGET_uml
+ default y
+ help
+ This option enables seccomp kernel features to safely
+ execute untrusted bytecode and selects the seccomp-variants
+ of procd
+
endmenu
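Review bot: The help text of `config SECCOMP` says the option serves "to safely execute untrusted bytecode", which overstates what seccomp gives a build: it is a syscall filter, and the text does not say what is lost when the option is switched off. A wording such as `Enable seccomp syscall filtering support in the kernel and select the procd-seccomp package.` would be more accurate, ideally followed by a sentence on the effect of disabling it, once that is confirmed against procd. Separately, `select KERNEL_SECCOMP` bypasses any `depends on` that KERNEL_SECCOMP carries. That symbol is defined outside this hunk, so it is worth confirming that the two `depends on` lines here cover its constraints.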
diff --git a/include/target.mk b/include/target.mk
index 03192d3ebe..60760bf602 100644
--- a/include/target.mk
+++ b/include/target.mk
@@ -39,7 +39,7 @@ DEFAULT_PACKAGES+=procd-ujail
endif
# include seccomp ld-preload hooks if kernel supports it
-ifneq ($(CONFIG_KERNEL_SECCOMP),)
+ifneq ($(CONFIG_SECCOMP),)
DEFAULT_PACKAGES+=procd-seccomp
endif
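Review bot: The context comment above the changed condition, `# include seccomp ld-preload hooks if kernel supports it`, no longer matches the test, which now keys on `CONFIG_SECCOMP` rather than on kernel support. Suggest `# include seccomp ld-preload hooks if CONFIG_SECCOMP is enabled`. A configuration with `CONFIG_KERNEL_SECCOMP` set but `CONFIG_SECCOMP` unset would now drop procd-seccomp from DEFAULT_PACKAGES without any message. Whether such a configuration can occur depends on Kconfig definitions outside this hunk.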
diff --git a/package/system/procd/Makefile b/package/system/procd/Makefile
index 6f506423f8..4c76045062 100644
--- a/package/system/procd/Makefile
+++ b/package/system/procd/Makefile
@@ -82,8 +82,7 @@ endef
define Package/procd-seccomp
SECTION:=base
CATEGORY:=Base system
- DEPENDS:=@(aarch64||arm||armeb||mips||mipsel||i386||powerpc||x86_64) @!TARGET_uml \
- @KERNEL_SECCOMP +libubox +libblobmsg-json
+ DEPENDS:=@SECCOMP +libubox +libblobmsg-json
TITLE:=OpenWrt process seccomp helper + utrace
endef