From 8cee4ab7345f126d1dec55b7ca1f28e8090a58d3 Mon Sep 17 00:00:00 2001
From: Colin Walters
Date: Fri, 28 Aug 2015 08:47:33 -0400
Subject: Add seccomp and rules imported from xdg-app/Sandstorm.io

seccomp is disabled by default for backwards compatibility. This "v0" version is a basic blacklist that turns off some of the known historical attack surface, initially imported from xdg-app. I added a note about code sharing - we should share rules among container implementations.
---
 Makefile-user-chroot.am | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
(limited to 'Makefile-user-chroot.am')
diff --git a/Makefile-user-chroot.am b/Makefile-user-chroot.am
index 32db975..66f8eb4 100644
--- a/Makefile-user-chroot.am
+++ b/Makefile-user-chroot.am
@@ -17,9 +17,13 @@
 
 bin_PROGRAMS += linux-user-chroot
 
-linux_user_chroot_SOURCES = src/linux-user-chroot.c
+linux_user_chroot_SOURCES = \
+ src/setup-seccomp.c \
+ src/linux-user-chroot.c \
+ $(NULL)
 
-linux_user_chroot_CFLAGS = $(AM_CFLAGS)
+linux_user_chroot_CFLAGS = $(AM_CFLAGS) $(LIBSECCOMP_CFLAGS)
+linux_user_chroot_LDFLAGS = $(LIBSECCOMP_LIBS)
 
 if BUILD_NEWNET_HELPER
 bin_PROGRAMS += linux-user-chroot-newnet
--
cgit v1.2.1
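Review bot: The added `linux_user_chroot_LDFLAGS = $(LIBSECCOMP_LIBS)` puts a library list in the wrong Automake variable. `_LDFLAGS` is expanded ahead of the object files on the link line, so on toolchains that link with `--as-needed` by default `-lseccomp` can be dropped before any object references it, and the link then fails with undefined symbols. Libraries belong in `linux_user_chroot_LDADD = $(LIBSECCOMP_LIBS)`. Separately, `src/setup-seccomp.c` joins `_SOURCES` unconditionally while its flags come from `LIBSECCOMP_*`, and the configure check is not shown on this page. If libseccomp is meant to be optional, the file needs an Automake conditional or an internal `#ifdef`; if it is mandatory, configure should fail hard rather than allow a build without the filter.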