seccomp: convert to meson
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is contained in:
parent
b1def33d19
commit
90835c2b81
32
configure
vendored
32
configure
vendored
@ -413,7 +413,7 @@ debug_stack_usage="no"
|
|||||||
crypto_afalg="no"
|
crypto_afalg="no"
|
||||||
cfi="false"
|
cfi="false"
|
||||||
cfi_debug="false"
|
cfi_debug="false"
|
||||||
seccomp="$default_feature"
|
seccomp="auto"
|
||||||
glusterfs="auto"
|
glusterfs="auto"
|
||||||
gtk="$default_feature"
|
gtk="$default_feature"
|
||||||
gtk_gl="no"
|
gtk_gl="no"
|
||||||
@ -1355,9 +1355,9 @@ for opt do
|
|||||||
;;
|
;;
|
||||||
--disable-tools) want_tools="no"
|
--disable-tools) want_tools="no"
|
||||||
;;
|
;;
|
||||||
--enable-seccomp) seccomp="yes"
|
--enable-seccomp) seccomp="enabled"
|
||||||
;;
|
;;
|
||||||
--disable-seccomp) seccomp="no"
|
--disable-seccomp) seccomp="disabled"
|
||||||
;;
|
;;
|
||||||
--disable-glusterfs) glusterfs="disabled"
|
--disable-glusterfs) glusterfs="disabled"
|
||||||
;;
|
;;
|
||||||
@ -2457,24 +2457,6 @@ EOF
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
##########################################
|
|
||||||
# libseccomp check
|
|
||||||
|
|
||||||
if test "$seccomp" != "no" ; then
|
|
||||||
libseccomp_minver="2.3.0"
|
|
||||||
if $pkg_config --atleast-version=$libseccomp_minver libseccomp ; then
|
|
||||||
seccomp_cflags="$($pkg_config --cflags libseccomp)"
|
|
||||||
seccomp_libs="$($pkg_config --libs libseccomp)"
|
|
||||||
seccomp="yes"
|
|
||||||
else
|
|
||||||
if test "$seccomp" = "yes" ; then
|
|
||||||
feature_not_found "libseccomp" \
|
|
||||||
"Install libseccomp devel >= $libseccomp_minver"
|
|
||||||
fi
|
|
||||||
seccomp="no"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
##########################################
|
##########################################
|
||||||
# xen probe
|
# xen probe
|
||||||
|
|
||||||
@ -6084,12 +6066,6 @@ if test "$avx512f_opt" = "yes" ; then
|
|||||||
echo "CONFIG_AVX512F_OPT=y" >> $config_host_mak
|
echo "CONFIG_AVX512F_OPT=y" >> $config_host_mak
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if test "$seccomp" = "yes"; then
|
|
||||||
echo "CONFIG_SECCOMP=y" >> $config_host_mak
|
|
||||||
echo "SECCOMP_CFLAGS=$seccomp_cflags" >> $config_host_mak
|
|
||||||
echo "SECCOMP_LIBS=$seccomp_libs" >> $config_host_mak
|
|
||||||
fi
|
|
||||||
|
|
||||||
# XXX: suppress that
|
# XXX: suppress that
|
||||||
if [ "$bsd" = "yes" ] ; then
|
if [ "$bsd" = "yes" ] ; then
|
||||||
echo "CONFIG_BSD=y" >> $config_host_mak
|
echo "CONFIG_BSD=y" >> $config_host_mak
|
||||||
@ -6648,7 +6624,7 @@ NINJA=$ninja $meson setup \
|
|||||||
-Dcurl=$curl -Dglusterfs=$glusterfs -Dbzip2=$bzip2 -Dlibiscsi=$libiscsi \
|
-Dcurl=$curl -Dglusterfs=$glusterfs -Dbzip2=$bzip2 -Dlibiscsi=$libiscsi \
|
||||||
-Dlibnfs=$libnfs -Diconv=$iconv -Dcurses=$curses -Dlibudev=$libudev\
|
-Dlibnfs=$libnfs -Diconv=$iconv -Dcurses=$curses -Dlibudev=$libudev\
|
||||||
-Drbd=$rbd -Dlzo=$lzo -Dsnappy=$snappy -Dlzfse=$lzfse \
|
-Drbd=$rbd -Dlzo=$lzo -Dsnappy=$snappy -Dlzfse=$lzfse \
|
||||||
-Dzstd=$zstd \
|
-Dzstd=$zstd -Dseccomp=$seccomp \
|
||||||
-Ddocs=$docs -Dsphinx_build=$sphinx_build -Dinstall_blobs=$blobs \
|
-Ddocs=$docs -Dsphinx_build=$sphinx_build -Dinstall_blobs=$blobs \
|
||||||
-Dvhost_user_blk_server=$vhost_user_blk_server \
|
-Dvhost_user_blk_server=$vhost_user_blk_server \
|
||||||
-Dfuse=$fuse -Dfuse_lseek=$fuse_lseek \
|
-Dfuse=$fuse -Dfuse_lseek=$fuse_lseek \
|
||||||
|
10
meson.build
10
meson.build
@ -333,9 +333,10 @@ if 'CONFIG_ATTR' in config_host
|
|||||||
libattr = declare_dependency(link_args: config_host['LIBATTR_LIBS'].split())
|
libattr = declare_dependency(link_args: config_host['LIBATTR_LIBS'].split())
|
||||||
endif
|
endif
|
||||||
seccomp = not_found
|
seccomp = not_found
|
||||||
if 'CONFIG_SECCOMP' in config_host
|
if not get_option('seccomp').auto() or have_system or have_tools
|
||||||
seccomp = declare_dependency(compile_args: config_host['SECCOMP_CFLAGS'].split(),
|
seccomp = dependency('libseccomp', version: '>=2.3.0',
|
||||||
link_args: config_host['SECCOMP_LIBS'].split())
|
required: get_option('seccomp'),
|
||||||
|
method: 'pkg-config', static: enable_static)
|
||||||
endif
|
endif
|
||||||
libcap_ng = not_found
|
libcap_ng = not_found
|
||||||
if 'CONFIG_LIBCAP_NG' in config_host
|
if 'CONFIG_LIBCAP_NG' in config_host
|
||||||
@ -998,6 +999,7 @@ config_host_data.set('CONFIG_LIBNFS', libnfs.found())
|
|||||||
config_host_data.set('CONFIG_RBD', rbd.found())
|
config_host_data.set('CONFIG_RBD', rbd.found())
|
||||||
config_host_data.set('CONFIG_SDL', sdl.found())
|
config_host_data.set('CONFIG_SDL', sdl.found())
|
||||||
config_host_data.set('CONFIG_SDL_IMAGE', sdl_image.found())
|
config_host_data.set('CONFIG_SDL_IMAGE', sdl_image.found())
|
||||||
|
config_host_data.set('CONFIG_SECCOMP', seccomp.found())
|
||||||
config_host_data.set('CONFIG_SNAPPY', snappy.found())
|
config_host_data.set('CONFIG_SNAPPY', snappy.found())
|
||||||
config_host_data.set('CONFIG_VHOST_USER_BLK_SERVER', have_vhost_user_blk_server)
|
config_host_data.set('CONFIG_VHOST_USER_BLK_SERVER', have_vhost_user_blk_server)
|
||||||
config_host_data.set('CONFIG_VNC', vnc.found())
|
config_host_data.set('CONFIG_VNC', vnc.found())
|
||||||
@ -2367,7 +2369,7 @@ if targetos == 'windows'
|
|||||||
summary_info += {'QGA w32 disk info': config_host.has_key('CONFIG_QGA_NTDDSCSI')}
|
summary_info += {'QGA w32 disk info': config_host.has_key('CONFIG_QGA_NTDDSCSI')}
|
||||||
summary_info += {'QGA MSI support': config_host.has_key('CONFIG_QGA_MSI')}
|
summary_info += {'QGA MSI support': config_host.has_key('CONFIG_QGA_MSI')}
|
||||||
endif
|
endif
|
||||||
summary_info += {'seccomp support': config_host.has_key('CONFIG_SECCOMP')}
|
summary_info += {'seccomp support': seccomp.found()}
|
||||||
summary_info += {'CFI support': get_option('cfi')}
|
summary_info += {'CFI support': get_option('cfi')}
|
||||||
summary_info += {'CFI debug support': get_option('cfi_debug')}
|
summary_info += {'CFI debug support': get_option('cfi_debug')}
|
||||||
summary_info += {'coroutine backend': config_host['CONFIG_COROUTINE_BACKEND']}
|
summary_info += {'coroutine backend': config_host['CONFIG_COROUTINE_BACKEND']}
|
||||||
|
@ -72,6 +72,8 @@ option('sdl', type : 'feature', value : 'auto',
|
|||||||
description: 'SDL user interface')
|
description: 'SDL user interface')
|
||||||
option('sdl_image', type : 'feature', value : 'auto',
|
option('sdl_image', type : 'feature', value : 'auto',
|
||||||
description: 'SDL Image support for icons')
|
description: 'SDL Image support for icons')
|
||||||
|
option('seccomp', type : 'feature', value : 'auto',
|
||||||
|
description: 'seccomp support')
|
||||||
option('snappy', type : 'feature', value : 'auto',
|
option('snappy', type : 'feature', value : 'auto',
|
||||||
description: 'snappy compression support')
|
description: 'snappy compression support')
|
||||||
option('u2f', type : 'feature', value : 'auto',
|
option('u2f', type : 'feature', value : 'auto',
|
||||||
|
@ -28,5 +28,5 @@ softmmu_ss.add(files(
|
|||||||
), sdl, libpmem, libdaxctl)
|
), sdl, libpmem, libdaxctl)
|
||||||
|
|
||||||
softmmu_ss.add(when: 'CONFIG_TPM', if_true: files('tpm.c'))
|
softmmu_ss.add(when: 'CONFIG_TPM', if_true: files('tpm.c'))
|
||||||
softmmu_ss.add(when: 'CONFIG_SECCOMP', if_true: [files('qemu-seccomp.c'), seccomp])
|
softmmu_ss.add(when: seccomp, if_true: files('qemu-seccomp.c'))
|
||||||
softmmu_ss.add(when: fdt, if_true: files('device_tree.c'))
|
softmmu_ss.add(when: fdt, if_true: files('device_tree.c'))
|
||||||
|
@ -202,7 +202,6 @@ static int seccomp_start(uint32_t seccomp_opts, Error **errp)
|
|||||||
return rc < 0 ? -1 : 0;
|
return rc < 0 ? -1 : 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_SECCOMP
|
|
||||||
int parse_sandbox(void *opaque, QemuOpts *opts, Error **errp)
|
int parse_sandbox(void *opaque, QemuOpts *opts, Error **errp)
|
||||||
{
|
{
|
||||||
if (qemu_opt_get_bool(opts, "enable", false)) {
|
if (qemu_opt_get_bool(opts, "enable", false)) {
|
||||||
@ -328,4 +327,3 @@ static void seccomp_register(void)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
opts_init(seccomp_register);
|
opts_init(seccomp_register);
|
||||||
#endif
|
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
have_virtiofsd = (targetos == 'linux' and
|
have_virtiofsd = (targetos == 'linux' and
|
||||||
have_tools and
|
have_tools and
|
||||||
'CONFIG_SECCOMP' in config_host and
|
seccomp.found() and
|
||||||
'CONFIG_LIBCAP_NG' in config_host and
|
'CONFIG_LIBCAP_NG' in config_host and
|
||||||
'CONFIG_VHOST_USER' in config_host)
|
'CONFIG_VHOST_USER' in config_host)
|
||||||
|
|
||||||
@ -8,7 +8,7 @@ if get_option('virtiofsd').enabled()
|
|||||||
if not have_virtiofsd
|
if not have_virtiofsd
|
||||||
if targetos != 'linux'
|
if targetos != 'linux'
|
||||||
error('virtiofsd requires Linux')
|
error('virtiofsd requires Linux')
|
||||||
elif 'CONFIG_SECCOMP' not in config_host or 'CONFIG_LIBCAP_NG' not in config_host
|
elif not seccomp.found() or 'CONFIG_LIBCAP_NG' not in config_host
|
||||||
error('virtiofsd requires libcap-ng-devel and seccomp-devel')
|
error('virtiofsd requires libcap-ng-devel and seccomp-devel')
|
||||||
elif not have_tools or 'CONFIG_VHOST_USER' not in config_host
|
elif not have_tools or 'CONFIG_VHOST_USER' not in config_host
|
||||||
error('virtiofsd needs tools and vhost-user support')
|
error('virtiofsd needs tools and vhost-user support')
|
||||||
|
Loading…
Reference in New Issue
Block a user