mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-11-27 00:06:16 +02:00
seccomp: add 32-bit ARM on aarch64-linux
This allows building armv[67]l-linux derivations on compatible aarch64 machines. Failure to add the architecture may result from missing hardware support, in which case we can't run 32-bit binaries and don't need to restrict them with seccomp anyway,
This commit is contained in:
parent
eb03a296c1
commit
919c3c20b3
1 changed files with 4 additions and 0 deletions
|
@ -2491,6 +2491,10 @@ void setupSeccomp()
|
|||
seccomp_arch_add(ctx, SCMP_ARCH_X32) != 0)
|
||||
throw SysError("unable to add X32 seccomp architecture");
|
||||
|
||||
if (settings.thisSystem == "aarch64-linux" &&
|
||||
seccomp_arch_add(ctx, SCMP_ARCH_ARM) != 0)
|
||||
printError("unsable to add ARM seccomp architecture; this may result in spurious build failures if running 32-bit ARM processes.");
|
||||
|
||||
/* Prevent builders from creating setuid/setgid binaries. */
|
||||
for (int perm : { S_ISUID, S_ISGID }) {
|
||||
if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(chmod), 1,
|
||||
|
|
Loading…
Reference in a new issue