diff options
author | Colin Walters <walters@verbum.org> | 2015-08-28 08:47:33 -0400 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2015-08-28 09:15:11 -0400 |
commit | 8cee4ab7345f126d1dec55b7ca1f28e8090a58d3 (patch) | |
tree | b2c60c914d3202f6ccf2bc6b8553af15cba25ed8 /Makefile-user-chroot.am | |
parent | 99a02e4114b06edf6c03fcc01e09c137f1fc67dd (diff) | |
download | linux-user-chroot-8cee4ab7345f126d1dec55b7ca1f28e8090a58d3.tar.gz |
Add seccomp and rules imported from xdg-app/Sandstorm.io
seccomp is disabled by default for backwards compatibility.
This "v0" version is a basic blacklist that turns off some of the
known historical attack surface, initially imported from xdg-app.
I added a note about code sharing - we should share rules among
container implementations.
Diffstat (limited to 'Makefile-user-chroot.am')
-rw-r--r-- | Makefile-user-chroot.am | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/Makefile-user-chroot.am b/Makefile-user-chroot.am index 32db975..66f8eb4 100644 --- a/Makefile-user-chroot.am +++ b/Makefile-user-chroot.am @@ -17,9 +17,13 @@ bin_PROGRAMS += linux-user-chroot -linux_user_chroot_SOURCES = src/linux-user-chroot.c +linux_user_chroot_SOURCES = \ + src/setup-seccomp.c \ + src/linux-user-chroot.c \ + $(NULL) -linux_user_chroot_CFLAGS = $(AM_CFLAGS) +linux_user_chroot_CFLAGS = $(AM_CFLAGS) $(LIBSECCOMP_CFLAGS) +linux_user_chroot_LDFLAGS = $(LIBSECCOMP_LIBS) if BUILD_NEWNET_HELPER bin_PROGRAMS += linux-user-chroot-newnet |