From 90835c2b8127406615785a9d4348ffdf3c813c8a Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 17 Nov 2020 14:22:24 +0100 Subject: seccomp: convert to meson Signed-off-by: Paolo Bonzini --- configure | 32 ++++---------------------------- meson.build | 10 ++++++---- meson_options.txt | 2 ++ softmmu/meson.build | 2 +- softmmu/qemu-seccomp.c | 2 -- tools/meson.build | 4 ++-- 6 files changed, 15 insertions(+), 37 deletions(-) diff --git a/configure b/configure index 5766bce587..0c4104e7d3 100755 --- a/configure +++ b/configure @@ -413,7 +413,7 @@ debug_stack_usage="no" crypto_afalg="no" cfi="false" cfi_debug="false" -seccomp="$default_feature" +seccomp="auto" glusterfs="auto" gtk="$default_feature" gtk_gl="no" @@ -1355,9 +1355,9 @@ for opt do ;; --disable-tools) want_tools="no" ;; - --enable-seccomp) seccomp="yes" + --enable-seccomp) seccomp="enabled" ;; - --disable-seccomp) seccomp="no" + --disable-seccomp) seccomp="disabled" ;; --disable-glusterfs) glusterfs="disabled" ;; @@ -2457,24 +2457,6 @@ EOF fi fi -########################################## -# libseccomp check - -if test "$seccomp" != "no" ; then - libseccomp_minver="2.3.0" - if $pkg_config --atleast-version=$libseccomp_minver libseccomp ; then - seccomp_cflags="$($pkg_config --cflags libseccomp)" - seccomp_libs="$($pkg_config --libs libseccomp)" - seccomp="yes" - else - if test "$seccomp" = "yes" ; then - feature_not_found "libseccomp" \ - "Install libseccomp devel >= $libseccomp_minver" - fi - seccomp="no" - fi -fi - ########################################## # xen probe @@ -6084,12 +6066,6 @@ if test "$avx512f_opt" = "yes" ; then echo "CONFIG_AVX512F_OPT=y" >> $config_host_mak fi -if test "$seccomp" = "yes"; then - echo "CONFIG_SECCOMP=y" >> $config_host_mak - echo "SECCOMP_CFLAGS=$seccomp_cflags" >> $config_host_mak - echo "SECCOMP_LIBS=$seccomp_libs" >> $config_host_mak -fi - # XXX: suppress that if [ "$bsd" = "yes" ] ; then echo "CONFIG_BSD=y" >> $config_host_mak @@ -6648,7 +6624,7 @@ NINJA=$ninja $meson setup \ -Dcurl=$curl -Dglusterfs=$glusterfs -Dbzip2=$bzip2 -Dlibiscsi=$libiscsi \ -Dlibnfs=$libnfs -Diconv=$iconv -Dcurses=$curses -Dlibudev=$libudev\ -Drbd=$rbd -Dlzo=$lzo -Dsnappy=$snappy -Dlzfse=$lzfse \ - -Dzstd=$zstd \ + -Dzstd=$zstd -Dseccomp=$seccomp \ -Ddocs=$docs -Dsphinx_build=$sphinx_build -Dinstall_blobs=$blobs \ -Dvhost_user_blk_server=$vhost_user_blk_server \ -Dfuse=$fuse -Dfuse_lseek=$fuse_lseek \ diff --git a/meson.build b/meson.build index 20a4705b3f..55c3969fab 100644 --- a/meson.build +++ b/meson.build @@ -333,9 +333,10 @@ if 'CONFIG_ATTR' in config_host libattr = declare_dependency(link_args: config_host['LIBATTR_LIBS'].split()) endif seccomp = not_found -if 'CONFIG_SECCOMP' in config_host - seccomp = declare_dependency(compile_args: config_host['SECCOMP_CFLAGS'].split(), - link_args: config_host['SECCOMP_LIBS'].split()) +if not get_option('seccomp').auto() or have_system or have_tools + seccomp = dependency('libseccomp', version: '>=2.3.0', + required: get_option('seccomp'), + method: 'pkg-config', static: enable_static) endif libcap_ng = not_found if 'CONFIG_LIBCAP_NG' in config_host @@ -998,6 +999,7 @@ config_host_data.set('CONFIG_LIBNFS', libnfs.found()) config_host_data.set('CONFIG_RBD', rbd.found()) config_host_data.set('CONFIG_SDL', sdl.found()) config_host_data.set('CONFIG_SDL_IMAGE', sdl_image.found()) +config_host_data.set('CONFIG_SECCOMP', seccomp.found()) config_host_data.set('CONFIG_SNAPPY', snappy.found()) config_host_data.set('CONFIG_VHOST_USER_BLK_SERVER', have_vhost_user_blk_server) config_host_data.set('CONFIG_VNC', vnc.found()) @@ -2367,7 +2369,7 @@ if targetos == 'windows' summary_info += {'QGA w32 disk info': config_host.has_key('CONFIG_QGA_NTDDSCSI')} summary_info += {'QGA MSI support': config_host.has_key('CONFIG_QGA_MSI')} endif -summary_info += {'seccomp support': config_host.has_key('CONFIG_SECCOMP')} +summary_info += {'seccomp support': seccomp.found()} summary_info += {'CFI support': get_option('cfi')} summary_info += {'CFI debug support': get_option('cfi_debug')} summary_info += {'coroutine backend': config_host['CONFIG_COROUTINE_BACKEND']} diff --git a/meson_options.txt b/meson_options.txt index b92b13a71b..c0eba45d7c 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -72,6 +72,8 @@ option('sdl', type : 'feature', value : 'auto', description: 'SDL user interface') option('sdl_image', type : 'feature', value : 'auto', description: 'SDL Image support for icons') +option('seccomp', type : 'feature', value : 'auto', + description: 'seccomp support') option('snappy', type : 'feature', value : 'auto', description: 'snappy compression support') option('u2f', type : 'feature', value : 'auto', diff --git a/softmmu/meson.build b/softmmu/meson.build index 2dab6c7eb6..d8e03018ab 100644 --- a/softmmu/meson.build +++ b/softmmu/meson.build @@ -28,5 +28,5 @@ softmmu_ss.add(files( ), sdl, libpmem, libdaxctl) softmmu_ss.add(when: 'CONFIG_TPM', if_true: files('tpm.c')) -softmmu_ss.add(when: 'CONFIG_SECCOMP', if_true: [files('qemu-seccomp.c'), seccomp]) +softmmu_ss.add(when: seccomp, if_true: files('qemu-seccomp.c')) softmmu_ss.add(when: fdt, if_true: files('device_tree.c')) diff --git a/softmmu/qemu-seccomp.c b/softmmu/qemu-seccomp.c index 8325ecb766..377ef6937c 100644 --- a/softmmu/qemu-seccomp.c +++ b/softmmu/qemu-seccomp.c @@ -202,7 +202,6 @@ static int seccomp_start(uint32_t seccomp_opts, Error **errp) return rc < 0 ? -1 : 0; } -#ifdef CONFIG_SECCOMP int parse_sandbox(void *opaque, QemuOpts *opts, Error **errp) { if (qemu_opt_get_bool(opts, "enable", false)) { @@ -328,4 +327,3 @@ static void seccomp_register(void) } } opts_init(seccomp_register); -#endif diff --git a/tools/meson.build b/tools/meson.build index 76bf84df52..5c52d79fe4 100644 --- a/tools/meson.build +++ b/tools/meson.build @@ -1,6 +1,6 @@ have_virtiofsd = (targetos == 'linux' and have_tools and - 'CONFIG_SECCOMP' in config_host and + seccomp.found() and 'CONFIG_LIBCAP_NG' in config_host and 'CONFIG_VHOST_USER' in config_host) @@ -8,7 +8,7 @@ if get_option('virtiofsd').enabled() if not have_virtiofsd if targetos != 'linux' error('virtiofsd requires Linux') - elif 'CONFIG_SECCOMP' not in config_host or 'CONFIG_LIBCAP_NG' not in config_host + elif not seccomp.found() or 'CONFIG_LIBCAP_NG' not in config_host error('virtiofsd requires libcap-ng-devel and seccomp-devel') elif not have_tools or 'CONFIG_VHOST_USER' not in config_host error('virtiofsd needs tools and vhost-user support') -- cgit v1.2.3