Commit message [Author, Age, Files, Lines]
...
| * | | Silence -Wunused-but-set-variable with clang [Simon McVittie, 2022-04-05, files: 1, lines: -1/+1]
| | | |     This variable is only used for lifetime tracking (autocleanup), but clang warns on that.
| | | |
| | | |     Signed-off-by: Simon McVittie <smcv@collabora.com>
* | | | Merge pull request #492 from smcv/mips [Simon McVittie, 2022-05-10, files: 1, lines: -3/+3]
|\ \ \ \
| | | | |     try-syscall: Use compiler-predefined macros to detect mips ABI
| * | | | try-syscall: Use compiler-predefined macros to detect mips ABI [Simon McVittie, 2022-04-05, files: 1, lines: -3/+3]
| |/ / /
| | | |     _MIPS_SIM_ABI32 etc. are defined by Linux <asm/sgidefs.h>, which is included by glibc <sys/syscall.h> (which defers to Linux headers to get syscall numbers), but not by musl <sys/syscall.h>.
| | | |
| | | |     _ABIO32 etc. are predefined by the compiler, so they are always available, regardless of libc.
| | | |
| | | |     References:
| | | |     https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=27d54b2a6c18ef1ae50f1a5b432d590438445b90
| | | |     https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=0ea339ea4d9c3e04ae17da6bf389617eb0251e57
| | | |
| | | |     Signed-off-by: Simon McVittie <smcv@collabora.com>
* | | | Merge pull request #493 from smcv/bwrapdir [Simon McVittie, 2022-05-10, files: 2, lines: -5/+12]
|\ \ \ \
| | | | |     meson: Allow installation directory to be set explicitly
| * | | | meson: Allow installation directory to be set explicitly [Simon McVittie, 2022-04-05, files: 2, lines: -5/+12]
| |/ / /
| | | |     Overriding the libexecdir via default_options doesn't always work when used as a subproject.
| | | |
| | | |     Signed-off-by: Simon McVittie <smcv@collabora.com>
* | | | Merge pull request #496 from smcv/missing-def [Simon McVittie, 2022-05-10, files: 2, lines: -0/+8]
|\ \ \ \
| | | | |     Allow building on old glibc without PR_SET_CHILD_SUBREAPER defined
| * | | | Allow building on old glibc without PR_SET_CHILD_SUBREAPER defined [Simon McVittie, 2022-04-05, files: 2, lines: -0/+8]
| |/ / /
| | | |     Signed-off-by: Simon McVittie <smcv@collabora.com>
* | | | tests: Disable leak detection when joining user-specified pid namespace [Simon McVittie, 2022-05-03, files: 2, lines: -3/+2]
| | | |     If we don't do this, AddressSanitizer busy-loops with this backtrace:
| | | |
| | | |         #0 in sched_yield
| | | |         #1 in __sanitizer::StopTheWorld
| | | |         #2 in __lsan::LockStuffAndStopTheWorldCallback
| | | |         #3 in __GI___dl_iterate_phdr
| | | |         #4 in __lsan::LockStuffAndStopTheWorld
| | | |         #5 in __lsan::CheckForLeaks
| | | |         #6 in __lsan::DoLeakCheck
| | | |         #7 __lsan::DoLeakCheck
| | | |         #8 in __cxa_finalize
| | | |         #9 in __do_global_dtors_aux
| | | |         #10 in ??
| | | |         #11 in _dl_fini
| | | |
| | | |     This fixes the hang described in commit 2e3d6e7d, so remove the workarounds from that commit.
| | | |
| | | |     Signed-off-by: Simon McVittie <smcv@collabora.com>
* | | | tests: Disable sanitizers for try-syscall [Simon McVittie, 2022-05-03, files: 1, lines: -0/+1]
| | | |     gcc's AddressSanitizer makes system calls that our filter doesn't allow for, resulting in a fatal error when run under a restrictive seccomp filter.
| | | |
| | | |     try-syscall is a helper for the test, rather than being code under test itself, so we don't really need this instrumentation in it: all we want it to do is make some specific syscalls.
| | | |
| | | |     Signed-off-by: Simon McVittie <smcv@collabora.com>
* | | | build: Auto-detect presence of Docbook XSL stylesheets [Simon McVittie, 2022-05-03, files: 1, lines: -1/+16]
| | | |     This follows the usual feature semantics: they're mandatory if the feature is enabled, aren't checked if the feature is disabled, and are optional if the feature is in the auto state (which is the default for this particular feature).
| | | |
| | | |     The logic used here is similar to AX_CHECK_DOCBOOK_XSLT in autoconf-archive.
| | | |
| | | |     Resolves: https://github.com/containers/bubblewrap/issues/500
| | | |     Signed-off-by: Simon McVittie <smcv@collabora.com>
* | | | Merge pull request #501 from rusty-snake/fix-missing-options-in-manpage [Simon McVittie, 2022-04-21, files: 1, lines: -0/+26]
|\ \ \ \
| | | | |     Add --share-net & --json-status-fd to the manpage
| * | | | Add --share-net & --json-status-fd to the manpage [rusty-snake, 2022-04-21, files: 1, lines: -0/+26]
| | | | |     Fixes #469
| | | | |     Fixes #499
| | | | |
| | | | |     Signed-off-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
* | | | | Merge pull request #491 from ffontaine/main [Simon McVittie, 2022-04-21, files: 2, lines: -1/+9]
|\ \ \ \ \
| |/ / / /
|/| | | |     meson: add tests option
| * | | | meson: add tests option [Fabrice Fontaine, 2022-04-06, files: 2, lines: -1/+9]
| |/ / /
| | | |     Allow the user to disable tests, for example to avoid the following build failure on mips32:
| | | |
| | | |     FAILED: tests/try-syscall.p/try-syscall.c.o
| | | |     /home/autobuild/autobuild/instance-11/output-1/host/bin/mipsel-buildroot-linux-musl-gcc -Itests/try-syscall.p -Itests -I../tests -fdiagnostics-color=always -Wall -Winvalid-pch -Wextra -O3 -D_GNU_SOURCE -Werror=shadow -Werror=empty-body -Werror=strict-prototypes -Werror=missing-prototypes -Werror=implicit-function-declaration -Werror=pointer-arith -Werror=init-self -Werror=missing-declarations -Werror=return-type -Werror=overflow -Werror=int-conversion -Werror=incompatible-pointer-types -Werror=misleading-indentation -Werror=missing-include-dirs -Werror=aggregate-return -Werror=switch-default -Wswitch-enum -Wno-sign-compare -Wno-error=sign-compare -Wno-missing-field-initializers -Wno-error=missing-field-initializers -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -O1 -g0 -MD -MQ tests/try-syscall.p/try-syscall.c.o -MF tests/try-syscall.p/try-syscall.c.o.d -o tests/try-syscall.p/try-syscall.c.o -c ../tests/try-syscall.c
| | | |     ../tests/try-syscall.c:34:5: error: #error "Unknown MIPS ABI"
| | | |        34 | # error "Unknown MIPS ABI"
| | | |           |   ^~~~~
| | | |
| | | |     Fixes:
| | | |      - http://autobuild.buildroot.org/results/cf0365354fc8c16e5871d561daae0fa5039d0bee
| | | |
| | | |     Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
* | | | Merge pull request #489 from Newbytee/patch-1 [Simon McVittie, 2022-04-06, files: 1, lines: -1/+1]
|\ \ \ \
| |/ / /
|/| | |     Link to the last commit where xdg-app-helper.c existed
| * | | Link to the last commit where xdg-app-helper.c existed [Newbyte, 2022-03-23, files: 1, lines: -1/+1]
|/ / /
| | |     Right now this link just opens a "path not found" page, so let's fix that by linking to the last commit where it existed instead.
| | |
| | |     Signed-off-by: Newbyte <newbie13xd@gmail.com>
* | | Merge pull request #484 from rusty-snake/install-instructions [Simon McVittie, 2022-03-22, files: 1, lines: -0/+24]
|\ \ \
| | | |     Add install instruction to README.md
| * | | Add install instruction to README.md [rusty-snake, 2022-03-22, files: 1, lines: -0/+24]
| |/ /
| | |     Closes #315
| | |     Closes #363
| | |
| | |     Signed-off-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
* | | Merge pull request #483 from rusty-snake/add-seccomp-fd-completions [Simon McVittie, 2022-03-22, files: 2, lines: -0/+2]
|\ \ \
| | | |     Add --add-seccomp-fd to bash/zsh completion
| * | | Add --add-seccomp-fd to bash/zsh completion [rusty-snake, 2022-03-22, files: 2, lines: -0/+2]
| |/ /
| | |     Signed-off-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
* | | Merge pull request #482 from rusty-snake/fix-add-seccomp-fd [Simon McVittie, 2022-03-22, files: 1, lines: -1/+1]
|\ \ \
| |/ /
|/| |     Fix --add-seccomp-fd argument name in usage
| * | Fix --add-seccomp-fd argument name in usage [rusty-snake, 2022-03-22, files: 1, lines: -1/+1]
|/ /
| |     --help shows --add-seccomp instead of --add-seccomp-fd which is the correct argument.
| |
| |     Signed-off-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
* | Merge pull request #481 from Keruspe/clang [Simon McVittie, 2022-03-18, files: 1, lines: -0/+2]
|\ \
| | |     tests: fix build with clang
| * | tests: properly tag ok as being printf-like [Marc-Antoine Perennou, 2022-03-18, files: 1, lines: -0/+2]
|/ /
| |     Avoids breaking warning with clang
| |
| |     Fixes #478
| |
| |     Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
* | Prepare v0.6.1 (tag: v0.6.1) [Simon McVittie, 2022-02-25, files: 2, lines: -2/+2]
| |     Signed-off-by: Simon McVittie <smcv@collabora.com>
* | Add a release checklist [Simon McVittie, 2022-02-25, files: 1, lines: -0/+18]
| |     Signed-off-by: Simon McVittie <smcv@collabora.com>
* | Merge pull request #476 from smcv/zsh-noexec [Simon McVittie, 2022-02-25, files: 1, lines: -0/+0]
|\ \
| | |     completions: Make zsh completion non-executable
| * | completions: Make zsh completion non-executable [Simon McVittie, 2022-02-24, files: 1, lines: -0/+0]
|/ /
| |     The Autotools build system installed it with 0644 permissions because it's listed as DATA, but the Meson build system installs executable files as executable by default.
| |
| |     zsh completions don't need to be executable to work, and this one doesn't have the `#!` marker that should start an executable script.
| |
| |     Signed-off-by: Simon McVittie <smcv@collabora.com>
* | Release v0.6.0 (tag: v0.6.0) [Simon McVittie, 2022-02-24, files: 1, lines: -1/+1]
| |     Signed-off-by: Simon McVittie <smcv@collabora.com>
* | Merge pull request #475 from smcv/meson [Colin Walters, 2022-02-24, files: 7, lines: -11/+37]
|\ \
| | |     Fix Meson build system to be able to run tests
| * | meson: Improve compatibility with Meson 0.49 [Simon McVittie, 2022-02-20, files: 1, lines: -1/+0]
| | |     That version doesn't allow more than two arguments for define_variable.
| | |
| | |     Signed-off-by: Simon McVittie <smcv@collabora.com>
| * | Disable test-specifying-pidns.sh under 'meson dist' while I investigate [Simon McVittie, 2022-02-20, files: 2, lines: -1/+3]
| | |     This test is hanging when run under 'meson dist' for some reason, but not when run under 'meson test', and not locally, only in the Github Workflow-based CI. Disable it for now.
| | |
| | |     Signed-off-by: Simon McVittie <smcv@collabora.com>
| * | meson: Actually build and run the tests [Simon McVittie, 2022-02-20, files: 1, lines: -0/+2]
| | |     Signed-off-by: Simon McVittie <smcv@collabora.com>
| * | tests: Fix compiler warnings for unused arguments [Simon McVittie, 2022-02-20, files: 1, lines: -2/+2]
| | |     Signed-off-by: Simon McVittie <smcv@collabora.com>
| * | meson: Run test scripts from $srcdir [Simon McVittie, 2022-02-20, files: 1, lines: -2/+2]
| | |     Signed-off-by: Simon McVittie <smcv@collabora.com>
| * | meson: Make G_TEST_SRCDIR, G_TEST_BUILDDIR match Autotools [Simon McVittie, 2022-02-20, files: 1, lines: -2/+2]
| | |     Signed-off-by: Simon McVittie <smcv@collabora.com>
| * | meson: Run the Python test script with Python, not bash [Simon McVittie, 2022-02-20, files: 3, lines: -2/+19]
| | |     The python build option can be used to swap to a different interpreter, for environments like the Steam Runtime where the python3 executable in the PATH is extremely old but there is a better interpreter available.
| | |
| | |     This is treated as non-optional, because Meson is written in Python, so the situation where there is no Python interpreter at build-time shouldn't arise.
| | |
| | |     Signed-off-by: Simon McVittie <smcv@collabora.com>
| * | meson: Build the try-syscall helper [Simon McVittie, 2022-02-19, files: 1, lines: -0/+5]
| | |     Signed-off-by: Simon McVittie <smcv@collabora.com>
| * | meson: Build tests with equivalent of -I$(top_srcdir) -I$(top_builddir) [Simon McVittie, 2022-02-19, files: 2, lines: -0/+2]
| | |     Signed-off-by: Simon McVittie <smcv@collabora.com>
| * | meson.build: Remove unnecessary check for sh [Simon McVittie, 2022-02-19, files: 1, lines: -1/+0]
|/ /
| |     Signed-off-by: Simon McVittie <smcv@collabora.com>
* | Merge pull request #432 from smcv/meson [Colin Walters, 2022-02-18, files: 14, lines: -1/+408]
|\ \
| | |     Add a Meson build system
| * | Add a Meson build system [Simon McVittie, 2022-02-18, files: 14, lines: -1/+408]
| |/
| |     This allows bwrap to be built as a subproject in larger Meson projects. When built as a subproject, we install into the --libexecdir and require a program prefix to be specified: for example, Flatpak would use program_prefix=flatpak- to get /usr/libexec/flatpak-bwrap. Verified to be backwards-compatible as far as Meson 0.49.0 (Debian 9 backports).
| |
| |     Loosely based on previous work by Jussi Pakkanen (see #133).
| |
| |     Differences between the Autotools and Meson builds:
| |
| |     The Meson build requires a version of libcap that has pkg-config metadata (introduced in libcap 2.23, in 2013).
| |
| |     The Meson build has no equivalent of --with-priv-mode=setuid. On distributions like Debian <= 10 and RHEL <= 7 that require a setuid bwrap executable, the sysadmin or distribution packaging will need to set the correct permissions on the bwrap executable; Debian already did this via packaging rather than the upstream build system.
| |
| |     The Meson build supports being used as a subproject, and there is CI for this. It automatically disables shell completions and man pages, moves the bubblewrap executable to ${libexecdir}, and renames the bubblewrap executable according to a program_prefix option that the caller must specify (for example, Flatpak would use -Dprogram_prefix=flatpak- to get /usr/libexec/flatpak-bwrap). See the tests/use-as-subproject/ directory for an example.
| |
| |     Signed-off-by: Simon McVittie <smcv@collabora.com>
* | Use HEAD to refer to other projects' default branches in documentation [Simon McVittie, 2022-02-13, files: 4, lines: -5/+5]
| |     This makes the URL independent of the name they have chosen for their default branches.
| |
| |     Signed-off-by: Simon McVittie <smcv@collabora.com>
* | workflows: Update for rename of default branch to main [Simon McVittie, 2022-02-13, files: 1, lines: -2/+2]
|/
|     Signed-off-by: Simon McVittie <smcv@collabora.com>
* Merge pull request #459 from smcv/multiple-seccomp [Simon McVittie, 2022-01-31, files: 5, lines: -42/+943]
|\
| |     Allow loading more than one seccomp program
| * tests: Exercise seccomp filters [Simon McVittie, 2022-01-31, files: 3, lines: -0/+813]
| |     Signed-off-by: Simon McVittie <smcv@collabora.com>
| * Allow loading more than one seccomp program [Simon McVittie, 2022-01-31, files: 2, lines: -23/+94]
| |     This will allow Flatpak to combine an allow-list (default-deny) of known system calls with a deny-list (default-allow) of system calls that are undesired.
| |
| |     Resolves: https://github.com/containers/bubblewrap/issues/453
| |     Signed-off-by: Simon McVittie <smcv@collabora.com>
| * Generalize linked lists of LockFile and SetupOp [Simon McVittie, 2022-01-31, files: 1, lines: -19/+36]
|/
|     I'm about to add a third linked list, for seccomp programs, which would seem like too much duplication.
|
|     Signed-off-by: Simon McVittie <smcv@collabora.com>
* Merge pull request #466 from soenkehahn/patch-1 [Simon McVittie, 2022-01-31, files: 1, lines: -1/+1]
|\
| |     Fix typo
| * Fix typo [Sönke Hahn, 2021-12-07, files: 1, lines: -1/+1]
| |