mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-12-03 19:06:16 +02:00
seccomp: add 32-bit ARM on aarch64-linux
This allows building armv[67]l-linux derivations on compatible aarch64 machines. Failure to add the architecture may result from missing hardware support, in which case we can't run 32-bit binaries and don't need to restrict them with seccomp anyway.
parent
eb03a296c1
commit
919c3c20b3
1 changed files with 4 additions and 0 deletions
|
@ -2491,6 +2491,10 @@ void setupSeccomp()
|
||||||
seccomp_arch_add(ctx, SCMP_ARCH_X32) != 0)
|
seccomp_arch_add(ctx, SCMP_ARCH_X32) != 0)
|
||||||
throw SysError("unable to add X32 seccomp architecture");
|
throw SysError("unable to add X32 seccomp architecture");
|
||||||
|
|
||||||
|
if (settings.thisSystem == "aarch64-linux" &&
|
||||||
|
seccomp_arch_add(ctx, SCMP_ARCH_ARM) != 0)
|
||||||
|
printError("unsable to add ARM seccomp architecture; this may result in spurious build failures if running 32-bit ARM processes.");
|
||||||
|
|
||||||
/* Prevent builders from creating setuid/setgid binaries. */
|
/* Prevent builders from creating setuid/setgid binaries. */
|
||||||
for (int perm : { S_ISUID, S_ISGID }) {
|
for (int perm : { S_ISUID, S_ISGID }) {
|
||||||
if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(chmod), 1,
|
if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(chmod), 1,
|
||||||
|
|
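Review bot: The message passed to the new `printError` call misspells "unable" as "unsable", which will defeat anyone grepping logs for this failure; it should read `printError("unable to add ARM seccomp architecture; this may result in spurious build failures if running 32-bit ARM processes.");`. The aarch64 branch also continues after a failed `seccomp_arch_add(ctx, SCMP_ARCH_ARM)`, whereas the X32 branch just above throws `SysError`, and nothing in the code says why the two differ. That choice is only safe if 32-bit ARM syscalls stay blocked when the architecture is missing from the filter, which presumably depends on libseccomp's bad-architecture action being left at its default; the filter setup is outside this hunk, so that should be confirmed. I would record the reasoning next to the check, for example `/* Non-fatal: without SCMP_ARCH_ARM in the filter, 32-bit ARM processes fall under the filter's bad-architecture action instead of these rules. */`. Note also that `seccomp_arch_add` can fail for reasons other than missing hardware support, so the message is right not to name a cause.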