configure: disable scfilter by default

As an experimental feature it should be explicitly enabled.

diff --git a/configure b/configure
index 84f811a359207083dc46ff11f5e4da697415d538..e9e596ddc0bc2442ead54c442c68917755349b25 100755 (executable)
--- a/configure
+++ b/configure
@@ -95,7 +95,7 @@ For better control, use the options below.
   --disable-rtc          Don't include RTC even on Linux
   --disable-privdrop     Disable support for dropping root privileges
   --without-libcap       Don't use libcap even if it is available
-  --disable-scfilter     Disable support for system call filtering
+  --enable-scfilter      Enable support for system call filtering
   --without-seccomp      Don't use seccomp even if it is available
   --disable-asyncdns     Disable asynchronous name resolving
   --disable-forcednsretry Don't retry on permanent DNS error
@@ -200,7 +200,7 @@ try_rtc=0
 feat_droproot=1
 try_libcap=-1
 try_clockctl=0
-feat_scfilter=1
+feat_scfilter=0
 try_seccomp=-1
 readline_lib=""
 readline_inc=""
@@ -305,6 +305,9 @@ do
     --without-libcap|--disable-linuxcaps)
       try_libcap=0
     ;;
+    --enable-scfilter)
+      feat_scfilter=1
+    ;;
     --disable-scfilter)
       feat_scfilter=0
     ;;

diff --git a/test/compilation/001-features b/test/compilation/001-features
index 3df47c7f1a42f34f99e34e3e48ae72cce5be0d9a..9da21d23079b157beb80fd773c75dd04fb87138d 100755 (executable)
--- a/test/compilation/001-features
+++ b/test/compilation/001-features
@@ -6,12 +6,12 @@ cd ../..
 
 for opts in \
        "--enable-debug" \
+       "--enable-scfilter" \
        "--disable-asyncdns" \
        "--disable-ipv6" \
        "--disable-privdrop" \
        "--disable-readline" \
        "--disable-rtc" \
-       "--disable-scfilter" \
        "--disable-sechash" \
        "--disable-cmdmon" \
        "--disable-ntp" \