Add a helper binary to create a basic Secure Computing filter.scratch/seccomp

The binary uses the 'seccomp' helper library. The library isn't needed to load the generated Secure Computing filter. * configure.ac: Check for 'seccomp' header and library. * lib-src/seccomp-filter.c: New helper binary to generate a generic Secure Computing filter for GNU/Linux. * lib-src/Makefile.in (DONT_INSTALL): Add 'seccomp-filter' helper binary if possible. (all): Add Secure Computing filter file if possible. (seccomp-filter$(EXEEXT)): Compile helper binary. (seccomp-filter.bpf seccomp-filter.pfc): Generate filter files. * test/src/emacs-tests.el (emacs-tests/seccomp/allows-stdout) (emacs-tests/seccomp/forbids-subprocess): New unit tests. * test/Makefile.in (src/emacs-tests.log): Add dependency on the helper binary.
author: Philipp Stephani 2020-12-17 11:20:55 +0100
committer: Philipp Stephani 2020-12-29 14:37:51 +0100
commit: 202a61d09cddf420ce2f18f86aea741f086022fd (patch)
tree: 567adc566589c3cda9cb3b4e615e575c34f3ec1c /configure.ac
parent: 2334f9bfa3f54a606d1748ab86ee9fd481369d7a (diff)
download: emacs-scratch/seccomp.tar.gz
emacs-scratch/seccomp.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac
index 4dbcda36e86..4945307975b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4186,6 +4186,11 @@ AC_SUBST([LIBS_MAIL])
 AC_CHECK_HEADERS([linux/seccomp.h], [HAVE_SECCOMP=yes])
+LIBSECCOMP=
+AC_CHECK_HEADER([seccomp.h],
+  [AC_CHECK_LIB([seccomp], [seccomp_init], [LIBSECCOMP=-lseccomp])])
+AC_SUBST([LIBSECCOMP])
 OLD_LIBS=$LIBS
 LIBS="$LIB_PTHREAD $LIB_MATH $LIBS"
 AC_CHECK_FUNCS(accept4 fchdir gethostname \
author	Philipp Stephani	2020-12-17 11:20:55 +0100
committer	Philipp Stephani	2020-12-29 14:37:51 +0100
commit	202a61d09cddf420ce2f18f86aea741f086022fd (patch)
tree	567adc566589c3cda9cb3b4e615e575c34f3ec1c /configure.ac
parent	2334f9bfa3f54a606d1748ab86ee9fd481369d7a (diff)
download	emacs-scratch/seccomp.tar.gz emacs-scratch/seccomp.zip