From: Christian Brauner <brauner@kernel.org>
Date: Thu, 9 Jun 2022 16:10:27 +0000 (+0200)
Subject: build: add seccomp build option
X-Git-Tag: lxc-5.0.0~3^2~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0b9adfdad4795e77451656164289cf5161048c0a;p=thirdparty%2Flxc.git

build: add seccomp build option

Signed-off-by: Christian Brauner (Microsoft) <christian.brauner@ubuntu.com>
---

diff --git a/meson.build b/meson.build
index 3ae145d39..f6d1eecf2 100644
--- a/meson.build
+++ b/meson.build
@@ -146,6 +146,7 @@ want_capabilities = get_option('capabilities')
 want_apparmor = get_option('apparmor')
 want_openssl = get_option('openssl')
 want_selinux = get_option('selinux')
+want_seccomp = get_option('seccomp')
 
 srcconf.set_quoted('DEFAULT_CGROUP_PATTERN', cgrouppattern)
 if coverity
@@ -291,41 +292,45 @@ endif
 threads = dependency('threads')
 
 ## Seccomp.
-libseccomp = dependency('libseccomp', required: false)
-srcconf.set10('HAVE_SECCOMP', libseccomp.found())
-pkgconfig_libs += libseccomp
-if libseccomp.found()
-    if libseccomp.version().version_compare('>=2.5.0')
-        # https://github.com/seccomp/libseccomp/commit/dead12bc788b259b148cc4d93b970ef0bd602b1a
-        srcconf.set10('HAVE_DECL_SECCOMP_NOTIFY_FD', true)
-    else
-        srcconf.set10('HAVE_DECL_SECCOMP_NOTIFY_FD', false)
-    endif
-
-    if libseccomp.version().version_compare('>=2.0.0')
-        # https://github.com/seccomp/libseccomp/commit/6220c8c0fc479d97b6d3e3166a4e46fbfe25a3c0
-        srcconf.set10('HAVE_DECL_SECCOMP_SYSCALL_RESOLVE_NAME_ARCH', true)
-    else
-        srcconf.set10('HAVE_DECL_SECCOMP_SYSCALL_RESOLVE_NAME_ARCH', false)
-    endif
-
-    seccomp_headers = '''
-    #include <seccomp.h>
-    '''
-
-    foreach decl: [
-        'scmp_filter_ctx',
-        'struct seccomp_notif_sizes',
-        'struct clone_args',
-    ]
+if want_seccomp
+    libseccomp = dependency('libseccomp', required: false)
+    srcconf.set10('HAVE_SECCOMP', libseccomp.found())
+    pkgconfig_libs += libseccomp
+    if libseccomp.found()
+        if libseccomp.version().version_compare('>=2.5.0')
+            # https://github.com/seccomp/libseccomp/commit/dead12bc788b259b148cc4d93b970ef0bd602b1a
+            srcconf.set10('HAVE_DECL_SECCOMP_NOTIFY_FD', true)
+        else
+            srcconf.set10('HAVE_DECL_SECCOMP_NOTIFY_FD', false)
+        endif
 
-        # We get -1 if the size cannot be determined
-        if cc.sizeof(decl, prefix: seccomp_headers, args: '-D_GNU_SOURCE') > 0
-            srcconf.set10('HAVE_' + decl.underscorify().to_upper(), true)
+        if libseccomp.version().version_compare('>=2.0.0')
+            # https://github.com/seccomp/libseccomp/commit/6220c8c0fc479d97b6d3e3166a4e46fbfe25a3c0
+            srcconf.set10('HAVE_DECL_SECCOMP_SYSCALL_RESOLVE_NAME_ARCH', true)
         else
-            srcconf.set10('HAVE_' + decl.underscorify().to_upper(), false)
+            srcconf.set10('HAVE_DECL_SECCOMP_SYSCALL_RESOLVE_NAME_ARCH', false)
         endif
-    endforeach
+
+        seccomp_headers = '''
+        #include <seccomp.h>
+        '''
+
+        foreach decl: [
+            'scmp_filter_ctx',
+            'struct seccomp_notif_sizes',
+            'struct clone_args',
+        ]
+
+            # We get -1 if the size cannot be determined
+            if cc.sizeof(decl, prefix: seccomp_headers, args: '-D_GNU_SOURCE') > 0
+                srcconf.set10('HAVE_' + decl.underscorify().to_upper(), true)
+            else
+                srcconf.set10('HAVE_' + decl.underscorify().to_upper(), false)
+            endif
+        endforeach
+    endif
+else
+    srcconf.set10('HAVE_SECCOMP', false)
 endif
 
 ## SELinux.
@@ -667,9 +672,12 @@ subdir('src/lxc/pam')
 # Library.
 liblxc_dependencies = [
     threads,
-    libseccomp,
 ]
 
+if want_seccomp
+    liblxc_dependencies += libseccomp
+endif
+
 if want_capabilities
     liblxc_dependencies += [libcap]
 endif
diff --git a/meson_options.txt b/meson_options.txt
index 19c788be6..874258342 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -32,6 +32,9 @@ option('commands', type: 'boolean', value: 'true',
 option('capabilities', type: 'boolean', value: 'true',
        description: 'use capabilities')
 
+option('seccomp', type: 'boolean', value: 'true',
+       description: 'use seccomp')
+
 option('apparmor', type: 'boolean', value: 'true',
        description: 'use apparmor')
 
diff --git a/src/lxc/meson.build b/src/lxc/meson.build
index 4999b2e93..78b873f24 100644
--- a/src/lxc/meson.build
+++ b/src/lxc/meson.build
@@ -139,7 +139,7 @@ liblxc_sources = files(
     'uuid.c',
     'uuid.h')
 
-if libseccomp.found()
+if want_seccomp and libseccomp.found()
     liblxc_sources += files('seccomp.c')
 endif