~serge-hallyn/ubuntu/quantal/lxc/lxc-fixapi

Viewing changes to debian/patches/0097-seccomp

Committer: Package Import Robot
Author(s): Serge Hallyn
Date: 2012-08-16 17:03:07 UTC
Revision ID: package-import@ubuntu.com-20120816170307-91m3dpxdo446bzqr

Tags: 0.8.0~rc1-4ubuntu25

* debian/control: only depend on libseccomp-dev on i386 and amd64, and
  switch to upstream-submitted seccomp patch (LP: #1037701)
* debian/rules: add '--with autoreconf' to force recreation of
  configure from configure.ac
* 0099-cleanup-after-template-help: don't leave a partially created
  container when -h is passed after '--'.  (LP: #1031043)

files added:
.pc/0097-seccomp/configure

.pc/0099-cleanup-after-template-help

.pc/0099-cleanup-after-template-help/src

.pc/0099-cleanup-after-template-help/src/lxc

.pc/0099-cleanup-after-template-help/src/lxc/lxc-create.in

debian/patches/0099-cleanup-after-template-help

files removed:
.pc/0097-seccomp/src/lxc/Makefile.in

files modified:
.pc/applied-patches

configure

configure.ac

debian/changelog

debian/control

debian/patches/0097-seccomp

debian/patches/series

debian/rules

src/lxc/Makefile.am

src/lxc/Makefile.in

src/lxc/lxc-create.in

src/lxc/start.c

Show diffs side-by-side

added added

removed removed

debian/patches/0097-seccomp

Index: lxc-0.8.0~rc1/configure.ac

===================================================================

--- lxc-0.8.0~rc1.orig/configure.ac 2012-08-08 17:54:34.000000000 -0500

+++ lxc-0.8.0~rc1/configure.ac 2012-08-08 17:54:34.000000000 -0500

@@ -18,6 +18,11 @@

commit 16049797728edeba06f3d6dce8c21daa7ffdbced

Author: Serge Hallyn <serge.hallyn@canonical.com>

Date: Fri Jul 27 21:13:53 2012 -0500

Introduce support for seccomp.

Hi,

This patch is so far just a proof of concept. The libseccomp api will be

changing soon so it probably wouldn't be worth pulling this until it is

updated for the new API.

This patch introduces support for seccomp to lxc. Seccomp lets a program

restrict its own (and its children's) future access to system calls. It

uses a simple whitelist system call policy file. It would probably be

better to switch to something more symbolic (i.e specifying 'open' rather

than the syscall #, especially given container arch flexibility).

I just wanted to get this out there as a first step. You can also get

source for an ubuntu package based on this patch at

https://code.launchpad.net/~serge-hallyn/ubuntu/quantal/lxc/lxc-seccomp

Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>

Index: lxc-fix-seccomp/README

===================================================================

--- lxc-fix-seccomp.orig/README 2012-08-16 15:38:00.877173000 -0500

+++ lxc-fix-seccomp/README 2012-08-16 15:38:00.877173000 -0500

@@ -52,3 +52,27 @@

AUTHOR

Daniel Lezcano <daniel.lezcano@free.fr>

+Seccomp with LXC

+----------------

+To restrict a container with seccomp, you must specify a profile which is

+basically a whitelist of system calls it may execute. In the container

+config file, add a line like

+lxc.seccomp = /var/lib/lxc/q1/seccomp.full

+I created a usable (but basically worthless) seccomp.full file using

+cat > seccomp.full << EOF

+whitelist

+EOF

+for i in `seq 0 300`; do

+ echo $i >> secomp.full

+done

+for i in `seq 1024 1079`; do

+ echo $i >> seccomp.full

+done

+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 27 Jul 2012 15:47:02 +0600

Index: lxc-fix-seccomp/configure.ac

===================================================================

--- lxc-fix-seccomp.orig/configure.ac 2012-08-16 15:38:00.877173000 -0500

+++ lxc-fix-seccomp/configure.ac 2012-08-16 17:48:05.955917878 -0500

@@ -18,6 +18,10 @@

AM_CONDITIONAL([ENABLE_RPATH], [test "x$enable_rpath" = "xyes"])

+AC_ARG_ENABLE([seccomp],

+ [AC_HELP_STRING([--enable-seccomp], [enable seccomp])],

+ [], [enable_seccomp=yes])

+AM_CONDITIONAL([ENABLE_SECCOMP], [test "x$enable_seccomp" = "xyes"])

+ [], [enable_seccomp=check])

AC_ARG_ENABLE([doc],

[AC_HELP_STRING([--enable-doc], [make mans (require docbook2man installed) [default=auto]])],

[], [enable_doc=auto])

@@ -29,6 +34,11 @@

@@ -29,6 +33,18 @@

AC_MSG_ERROR([docbook2man required by man request, but not found])

+if test "$enable_seccomp" = "check" ; then

+ AC_CHECK_LIB([seccomp],[seccomp_init],[enable_seccomp=yes], [enable_seccomp=no])

+fi

+AM_CONDITIONAL([ENABLE_SECCOMP], [test "x$enable_seccomp" = "xyes"])

+AM_COND_IF([ENABLE_SECCOMP],

+ [AC_CHECK_HEADER([seccomp.h],[],[AC_MSG_ERROR([You must install the seccomp development package in order to compile lxc])])

+ AC_CHECK_LIB([seccomp], [seccomp_init],[],[AC_MSG_ERROR([You must install the seccomp development package in order to compile lxc])])

+ AC_DEFINE_UNQUOTED([ENABLE_SECCOMP], 1, [Seccomp is available])

+ AC_SUBST([SECCOMP_LIBS], [-lseccomp])])

AM_CONDITIONAL([ENABLE_DOCBOOK], [test "x$have_docbook" = "xyes"])

AC_ARG_ENABLE([examples],

Index: lxc-0.8.0~rc1/src/lxc/Makefile.am

Index: lxc-fix-seccomp/src/lxc/Makefile.am

===================================================================

--- lxc-0.8.0~rc1.orig/src/lxc/Makefile.am 2012-08-08 17:54:34.000000000 -0500

+++ lxc-0.8.0~rc1/src/lxc/Makefile.am 2012-08-08 17:54:34.000000000 -0500

--- lxc-fix-seccomp.orig/src/lxc/Makefile.am 2012-08-16 15:38:00.877173000 -0500

+++ lxc-fix-seccomp/src/lxc/Makefile.am 2012-08-16 17:36:30.547929653 -0500

@@ -50,6 +50,7 @@

genl.c genl.h \

caps.c caps.h \

+ seccomp.c seccomp.h \

+ lxcseccomp.h \

100

mainloop.c mainloop.h \

101

af_unix.c af_unix.h \

102

@@ -60,13 +61,17 @@

103

@@ -60,13 +61,18 @@

104

-DLXCPATH=\"$(LXCPATH)\" \

105

-DLXCINITDIR=\"$(LXCINITDIR)\"

106

107

+if ENABLE_SECCOMP

108

+AM_CFLAGS += -DHAVE_SECCOMP

109

+liblxc_so_SOURCES += seccomp.c

110

+endif

111

112

liblxc_so_CFLAGS = -fPIC -DPIC $(AM_CFLAGS)

116

-Wl,-soname,liblxc.so.$(firstword $(subst ., ,$(VERSION)))

117

118

-liblxc_so_LDADD = -lutil $(CAP_LIBS) -lapparmor

+liblxc_so_LDADD = -lutil $(CAP_LIBS) -lapparmor -lseccomp

119

+liblxc_so_LDADD = -lutil $(CAP_LIBS) -lapparmor $(SECCOMP_LIBS)

120

121

bin_SCRIPTS = \

122

lxc-ps \

@@ -105,7 +110,7 @@

123

@@ -105,7 +111,7 @@

124

if ENABLE_RPATH

125

AM_LDFLAGS += -Wl,-rpath -Wl,$(libdir)

126

endif

127

-LDADD=liblxc.so @CAP_LIBS@ -lapparmor

+LDADD=liblxc.so @CAP_LIBS@ -lapparmor -lseccomp

128

+LDADD=liblxc.so @CAP_LIBS@ -lapparmor @SECCOMP_LIBS@

129

130

lxc_attach_SOURCES = lxc_attach.c

131

lxc_cgroup_SOURCES = lxc_cgroup.c

Index: lxc-0.8.0~rc1/src/lxc/conf.h

132

Index: lxc-fix-seccomp/src/lxc/conf.h

133

===================================================================

--- lxc-0.8.0~rc1.orig/src/lxc/conf.h 2012-08-08 17:54:34.000000000 -0500

+++ lxc-0.8.0~rc1/src/lxc/conf.h 2012-08-08 17:54:34.000000000 -0500

134

--- lxc-fix-seccomp.orig/src/lxc/conf.h 2012-08-16 15:38:00.877173000 -0500

135

+++ lxc-fix-seccomp/src/lxc/conf.h 2012-08-16 15:38:00.877173000 -0500

136

@@ -223,6 +223,7 @@

137

char *aa_profile;

138

int umount_proc;

141

};

142

143

int run_lxc_hooks(const char *name, char *hook, struct lxc_conf *conf);

Index: lxc-0.8.0~rc1/src/lxc/confile.c

144

Index: lxc-fix-seccomp/src/lxc/confile.c

145

===================================================================

--- lxc-0.8.0~rc1.orig/src/lxc/confile.c 2012-08-08 17:54:34.000000000 -0500

+++ lxc-0.8.0~rc1/src/lxc/confile.c 2012-08-08 17:54:34.000000000 -0500

146

--- lxc-fix-seccomp.orig/src/lxc/confile.c 2012-08-16 15:38:00.877173000 -0500

147

+++ lxc-fix-seccomp/src/lxc/confile.c 2012-08-16 17:48:11.919917776 -0500

148

@@ -73,6 +73,7 @@

149

static int config_network_ipv6_gateway(const char *, char *, struct lxc_conf *);

150

static int config_cap_drop(const char *, char *, struct lxc_conf *);

125

188

static int config_hook(const char *key, char *value,

126

189

struct lxc_conf *lxc_conf)

127

190

{

128

Index: lxc-0.8.0~rc1/src/lxc/lxc-clone.in

191

Index: lxc-fix-seccomp/src/lxc/lxc-clone.in

129

192

===================================================================

130

--- lxc-0.8.0~rc1.orig/src/lxc/lxc-clone.in 2012-08-08 17:54:34.000000000 -0500

131

+++ lxc-0.8.0~rc1/src/lxc/lxc-clone.in 2012-08-08 17:54:34.000000000 -0500

193

--- lxc-fix-seccomp.orig/src/lxc/lxc-clone.in 2012-08-16 15:38:00.877173000 -0500

194

+++ lxc-fix-seccomp/src/lxc/lxc-clone.in 2012-08-16 15:38:00.877173000 -0500

132

195

@@ -180,7 +180,7 @@

133

196

sed -i '/lxc.utsname/d' $lxc_path/$lxc_new/config

134

197

echo "lxc.utsname = $hostname" >> $lxc_path/$lxc_new/config

138

201

139

202

if [ -e $lxc_path/$lxc_orig/fstab ];then

140

203

cp $lxc_path/$lxc_orig/fstab $lxc_path/$lxc_new/fstab

141

Index: lxc-0.8.0~rc1/src/lxc/seccomp.c

142

===================================================================

143

--- /dev/null 1970-01-01 00:00:00.000000000 +0000

144

+++ lxc-0.8.0~rc1/src/lxc/seccomp.c 2012-08-08 17:54:34.000000000 -0500

204

Index: lxc-fix-seccomp/src/lxc/lxcseccomp.h

205

===================================================================

206

--- /dev/null 1970-01-01 00:00:00.000000000 +0000

207

+++ lxc-fix-seccomp/src/lxc/lxcseccomp.h 2012-08-16 15:38:00.877173000 -0500

208

@@ -0,0 +1,41 @@

209

+/*

210

+ * lxc: linux Container library

211

+ *

212

+ * (C) Copyright Canonical, Inc. 2012

213

+ *

214

+ * Authors:

215

+ * Serge Hallyn <serge.hallyn@canonical.com>

216

+ *

217

+ * This library is free software; you can redistribute it and/or

218

+ * modify it under the terms of the GNU Lesser General Public

219

+ * License as published by the Free Software Foundation; either

220

+ * version 2.1 of the License, or (at your option) any later version.

221

+ *

222

+ * This library is distributed in the hope that it will be useful,

223

+ * but WITHOUT ANY WARRANTY; without even the implied warranty of

224

+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

225

+ * Lesser General Public License for more details.

226

+ *

227

+ * You should have received a copy of the GNU Lesser General Public

228

+ * License along with this library; if not, write to the Free Software

229

+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

230

+ */

231

232

+#ifndef _lxc_seccomp_h

233

234

+#include "conf.h"

235

236

+#ifdef HAVE_SECCOMP

237

+int lxc_seccomp_load(struct lxc_conf *conf);

238

+int lxc_read_seccomp_config(struct lxc_conf *conf);

239

+#else

240

+static inline int lxc_seccomp_load(struct lxc_conf *conf) {

241

+ return 0;

242

243

244

+static inline int lxc_read_seccomp_config(struct lxc_conf *conf) {

245

+ return 0;

246

247

+#endif

248

249

+#endif

250

Index: lxc-fix-seccomp/src/lxc/seccomp.c

251

===================================================================

252

--- /dev/null 1970-01-01 00:00:00.000000000 +0000

253

+++ lxc-fix-seccomp/src/lxc/seccomp.c 2012-08-16 15:38:00.877173000 -0500

145

254

@@ -0,0 +1,121 @@

146

255

+/*

147

256

+ * lxc: linux Container library

264

373

+ }

265

374

+ return 0;

266

375

267

Index: lxc-0.8.0~rc1/src/lxc/start.c

376

Index: lxc-fix-seccomp/src/lxc/start.c

268

377

===================================================================

269

--- lxc-0.8.0~rc1.orig/src/lxc/start.c 2012-08-08 17:54:34.000000000 -0500

270

+++ lxc-0.8.0~rc1/src/lxc/start.c 2012-08-08 17:54:34.000000000 -0500

271

@@ -354,6 +354,11 @@

378

--- lxc-fix-seccomp.orig/src/lxc/start.c 2012-08-16 15:38:00.877173000 -0500

379

+++ lxc-fix-seccomp/src/lxc/start.c 2012-08-16 15:38:00.877173000 -0500

380

@@ -129,6 +129,7 @@

381

#include "console.h"

382

#include "sync.h"

383

#include "namespace.h"

384

+#include "lxcseccomp.h"

385

386

lxc_log_define(lxc_start, lxc);

387

388

@@ -354,6 +355,11 @@

272

389

goto out_free;

273

390

}

274

391

280

397

/* Begin the set the state to STARTING*/

281

398

if (lxc_set_state(name, handler, STARTING)) {

282

399

ERROR("failed to set state '%s'", lxc_state2str(STARTING));

283

@@ -587,6 +592,9 @@

400

@@ -587,6 +593,9 @@

284

401

if (apparmor_load(handler) < 0)

285

402

goto out_warn_father;

286

403

290

407

close(handler->sigfd);

291

408

292

409

HOOK(handler->name, "start", handler->conf);

293

Index: lxc-0.8.0~rc1/src/lxc/lxcseccomp.h

294

===================================================================

295

--- /dev/null 1970-01-01 00:00:00.000000000 +0000

296

+++ lxc-0.8.0~rc1/src/lxc/lxcseccomp.h 2012-08-08 17:54:34.000000000 -0500

297

@@ -0,0 +1,41 @@

298

+/*

299

+ * lxc: linux Container library

300

+ *

301

+ * (C) Copyright Canonical, Inc. 2012

302

+ *

303

+ * Authors:

304

+ * Serge Hallyn <serge.hallyn@canonical.com>

305

+ *

306

+ * This library is free software; you can redistribute it and/or

307

+ * modify it under the terms of the GNU Lesser General Public

308

+ * License as published by the Free Software Foundation; either

309

+ * version 2.1 of the License, or (at your option) any later version.

310

+ *

311

+ * This library is distributed in the hope that it will be useful,

312

+ * but WITHOUT ANY WARRANTY; without even the implied warranty of

313

+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

314

+ * Lesser General Public License for more details.

315

+ *

316

+ * You should have received a copy of the GNU Lesser General Public

317

+ * License along with this library; if not, write to the Free Software

318

+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

319

+ */

320

321

+#ifndef _lxc_seccomp_h

322

323

+#include "conf.h"

324

325

+#ifdef HAVE_SECCOMP

326

+int lxc_seccomp_load(struct lxc_conf *conf);

327

+int lxc_read_seccomp_config(struct lxc_conf *conf);

328

+#else

329

+static inline int lxc_seccomp_load(struct lxc_conf *conf) {

330

+ return 0;

331

332

333

+static inline int lxc_read_seccomp_config(struct lxc_conf *conf) {

334

+ return 0;

335

336

+#endif

337

338

+#endif

339

Index: lxc-0.8.0~rc1/README

340

===================================================================

341

--- lxc-0.8.0~rc1.orig/README 2011-10-25 07:02:11.000000000 -0500

342

+++ lxc-0.8.0~rc1/README 2012-08-08 17:54:34.000000000 -0500

343

@@ -52,3 +52,27 @@

344

345

AUTHOR

346

Daniel Lezcano <daniel.lezcano@free.fr>

347

348

+Seccomp with LXC

349

+----------------

350

351

+To restrict a container with seccomp, you must specify a profile which is

352

+basically a whitelist of system calls it may execute. In the container

353

+config file, add a line like

354

355

+lxc.seccomp = /var/lib/lxc/q1/seccomp.full

356

357

+I created a usable (but basically worthless) seccomp.full file using

358

359

+cat > seccomp.full << EOF

360

361

+whitelist

362

+EOF

363

+for i in `seq 0 300`; do

364

+ echo $i >> secomp.full

365

+done

366

+for i in `seq 1024 1079`; do

367

+ echo $i >> seccomp.full

368

+done

369

370

+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 27 Jul 2012 15:47:02 +0600

371

Index: lxc-0.8.0~rc1/src/lxc/Makefile.in

372

===================================================================

373

--- lxc-0.8.0~rc1.orig/src/lxc/Makefile.in 2012-08-08 17:54:34.000000000 -0500

374

+++ lxc-0.8.0~rc1/src/lxc/Makefile.in 2012-08-08 17:55:55.125019315 -0500

375

@@ -363,6 +363,7 @@

376

genl.c genl.h \

377

378

caps.c caps.h \

379

+ seccomp.c seccomp.h \

380

mainloop.c mainloop.h \

381

af_unix.c af_unix.h \

382

383

@@ -378,7 +379,7 @@

384

-shared \

385

-Wl,-soname,liblxc.so.$(firstword $(subst ., ,$(VERSION)))

386

387

-liblxc_so_LDADD = -lutil $(CAP_LIBS) -lapparmor

388

+liblxc_so_LDADD = -lutil $(CAP_LIBS) -lapparmor -lseccomp

389

bin_SCRIPTS = \

390

lxc-ps \

391

lxc-netstat \

392

@@ -393,7 +394,7 @@

393

lxc-destroy

394

395

AM_LDFLAGS = -Wl,-E $(am__append_1)

396

-LDADD = liblxc.so @CAP_LIBS@ -lapparmor

397

+LDADD = liblxc.so @CAP_LIBS@ -lapparmor -lseccomp

398

lxc_attach_SOURCES = lxc_attach.c

399

lxc_cgroup_SOURCES = lxc_cgroup.c

400

lxc_checkpoint_SOURCES = lxc_checkpoint.c

410

Index: lxc-fix-seccomp/configure

411

===================================================================

412

--- lxc-fix-seccomp.orig/configure 2012-08-16 15:38:00.877173000 -0500

413

+++ lxc-fix-seccomp/configure 2012-08-16 16:23:27.284003869 -0500

414

@@ -623,7 +623,10 @@

415

ENABLE_EXAMPLES_TRUE

416

ENABLE_DOCBOOK_FALSE

417

ENABLE_DOCBOOK_TRUE

418

+SECCOMP_LIBS

419

have_docbook

420

+ENABLE_SECCOMP_FALSE

421

+ENABLE_SECCOMP_TRUE

422

ENABLE_RPATH_FALSE

423

ENABLE_RPATH_TRUE

424

SETCAP

425

@@ -720,6 +723,7 @@

426

enable_option_checking

427

enable_dependency_tracking

428

enable_rpath

429

+enable_seccomp

430

enable_doc

431

enable_examples

432

with_config_path

433

@@ -1358,6 +1362,7 @@

434

--disable-dependency-tracking speeds up one-time build

435

--enable-dependency-tracking do not reject slow dependency extractors

436

--disable-rpath do not set rpath in executables

437

+ --enable-seccomp enable seccomp

438

--enable-doc make mans (require docbook2man installed)

439

[default=auto]

440

--disable-examples do not install configuration examples

441

@@ -4340,6 +4345,22 @@

442

443

444

445

+# Check whether --enable-seccomp was given.

446

+if test "${enable_seccomp+set}" = set; then :

447

+ enableval=$enable_seccomp;

448

+else

449

+ enable_seccomp=yes

450

+fi

451

452

+ if test "x$enable_seccomp" = "xyes"; then

453

+ ENABLE_SECCOMP_TRUE=

454

+ ENABLE_SECCOMP_FALSE='#'

455

+else

456

+ ENABLE_SECCOMP_TRUE='#'

457

+ ENABLE_SECCOMP_FALSE=

458

+fi

459

460

461

# Check whether --enable-doc was given.

462

if test "${enable_doc+set}" = set; then :

463

enableval=$enable_doc;

464

@@ -4392,6 +4413,71 @@

465

as_fn_error $? "docbook2man required by man request, but not found" "$LINENO" 5

466

467

468

+if test -z "$ENABLE_SECCOMP_TRUE"; then :

469

+ ac_fn_c_check_header_mongrel "$LINENO" "seccomp.h" "ac_cv_header_seccomp_h" "$ac_includes_default"

470

+if test "x$ac_cv_header_seccomp_h" = xyes; then :

471

472

+else

473

+ as_fn_error $? "You must install the seccomp development package in order to compile lxc" "$LINENO" 5

474

+fi

475

476

477

+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for seccomp_init in -lseccomp" >&5

478

+$as_echo_n "checking for seccomp_init in -lseccomp... " >&6; }

479

+if ${ac_cv_lib_seccomp_seccomp_init+:} false; then :

480

+ $as_echo_n "(cached) " >&6

481

+else

482

+ ac_check_lib_save_LIBS=$LIBS

483

+LIBS="-lseccomp $LIBS"

484

+cat confdefs.h - <<_ACEOF >conftest.$ac_ext

485

+/* end confdefs.h. */

486

487

+/* Override any GCC internal prototype to avoid an error.

488

+ Use char because int might match the return type of a GCC

489

+ builtin and then its argument prototype would still apply. */

490

+#ifdef __cplusplus

491

+extern "C"

492

+#endif

493

+char seccomp_init ();

494

+int

495

+main ()

496

497

+return seccomp_init ();

498

+ ;

499

+ return 0;

500

501

+_ACEOF

502

+if ac_fn_c_try_link "$LINENO"; then :

503

+ ac_cv_lib_seccomp_seccomp_init=yes

504

+else

505

+ ac_cv_lib_seccomp_seccomp_init=no

506

+fi

507

+rm -f core conftest.err conftest.$ac_objext \

508

+ conftest$ac_exeext conftest.$ac_ext

509

+LIBS=$ac_check_lib_save_LIBS

510

+fi

511

+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_seccomp_seccomp_init" >&5

512

+$as_echo "$ac_cv_lib_seccomp_seccomp_init" >&6; }

513

+if test "x$ac_cv_lib_seccomp_seccomp_init" = xyes; then :

514

+ cat >>confdefs.h <<_ACEOF

515

+#define HAVE_LIBSECCOMP 1

516

+_ACEOF

517

518

+ LIBS="-lseccomp $LIBS"

519

520

+else

521

+ as_fn_error $? "You must install the seccomp development package in order to compile lxc" "$LINENO" 5

522

+fi

523

524

525

+cat >>confdefs.h <<_ACEOF

526

+#define ENABLE_SECCOMP 1

527

+_ACEOF

528

529

+ SECCOMP_LIBS=-lseccomp

530

531

+fi

532

533

if test "x$have_docbook" = "xyes"; then

534

ENABLE_DOCBOOK_TRUE=

535

ENABLE_DOCBOOK_FALSE='#'

536

@@ -5103,6 +5189,10 @@

537

as_fn_error $? "conditional \"ENABLE_RPATH\" was never defined.

538

Usually this means the macro was only invoked conditionally." "$LINENO" 5

539

540

+if test -z "${ENABLE_SECCOMP_TRUE}" && test -z "${ENABLE_SECCOMP_FALSE}"; then

541

+ as_fn_error $? "conditional \"ENABLE_SECCOMP\" was never defined.

542

+Usually this means the macro was only invoked conditionally." "$LINENO" 5

543

+fi

544

if test -z "${ENABLE_DOCBOOK_TRUE}" && test -z "${ENABLE_DOCBOOK_FALSE}"; then

545

as_fn_error $? "conditional \"ENABLE_DOCBOOK\" was never defined.

546

Usually this means the macro was only invoked conditionally." "$LINENO" 5

Older »