Re: [PATCH] samples/seccomp: Add standalone config option
From: Olof Johansson
Date: Thu Jul 07 2016 - 13:15:11 EST
Hi,
On Wed, Jul 6, 2016 at 10:55 AM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> On Wed, Jul 6, 2016 at 2:53 AM, Olof Johansson <olof@xxxxxxxxx> wrote:
>> Add a separate Kconfig option for SAMPLES_SECCOMP.
>>
>> Main reason for this is that, just like other samples, it's forced to be a module.
>>
>> Without this, since the sample is a target only controlled by
>> CONFIG_SECCOMP_FILTER, the samples will be built before include files are
>> put in place properly. For example, from an arm64 allmodconfig built with
>> "make -sk -j 32" (without specific target), the following happens:
>>
>> samples/seccomp/bpf-fancy.c:13:27: fatal error: linux/seccomp.h: No such file or directory
>> samples/seccomp/bpf-helper.h:20:50: fatal error: linux/seccomp.h: No such file or directory
>> samples/seccomp/dropper.c:20:27: fatal error: linux/seccomp.h: No such file or directory
>> samples/seccomp/bpf-direct.c:21:27: fatal error: linux/seccomp.h: No such file or directory
>
> Ah-ha! Yes, that's ugly.
>
>> So, just stick to the same format as other samples.
>
> Agreed, that makes sense to me.
>
>>
>> Signed-off-by: Olof Johansson <olof@xxxxxxxxx>
>> ---
>> samples/Kconfig | 7 +++++++
>> samples/seccomp/Makefile | 2 +-
>> 2 files changed, 8 insertions(+), 1 deletion(-)
>>
>>
>> Hi Kees,
>>
>> This has been showing up for a while on my builder, and I finally had
>> a bit of time to sit down and look at it.
>>
>> It'd be nice to see this in 4.7, but please consider for 4.8 at the least.
>>
>>
>> Thanks!
>>
>> -Olof
>>
>> diff --git a/samples/Kconfig b/samples/Kconfig
>> index 559a58b..ccc50be 100644
>> --- a/samples/Kconfig
>> +++ b/samples/Kconfig
>> @@ -85,4 +85,11 @@ config SAMPLE_CONNECTOR
>> with it.
>> See also Documentation/connector/connector.txt
>>
>> +config SAMPLE_SECCOMP
>> + tristate "Build seccomp sample code -- loadable modules only"
>> + depends on SECCOMP_FILTER && m
>> + help
>> + Build samples of seccomp filters using various methods of
>> + BPF filter construction.
>> +
>> endif # SAMPLES
>> diff --git a/samples/seccomp/Makefile b/samples/seccomp/Makefile
>> index 1b4e4b8..ae7ff6f 100644
>> --- a/samples/seccomp/Makefile
>> +++ b/samples/seccomp/Makefile
>> @@ -1,7 +1,7 @@
>> # kbuild trick to avoid linker error. Can be omitted if a module is built.
>> obj- := dummy.o
>
> Can the above two lines be dropped now since it'll always be a module?
Actually, they can't, since the only other target is a hostprogs one.
Still needs a dummy module object file.
-Olof