Re: [PATCH] Build sandbox support etc. unconditionally on Linux.
From: Manolis Ragkousis
Subject: Re: [PATCH] Build sandbox support etc. unconditionally on Linux.
Date: Wed, 10 Aug 2016 22:07:21 +0300
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
Hello Mark,
On 08/10/16 20:39, Mark H Weaver wrote:
>
> I'm very reluctant to apply this patch. In general, it's preferable to
> rely on autoconf to test for individual features, rather than testing
> for particular kernels by name. It seems to me that this patch will
> hinder portability to other kernels.
>
> I'd be inclined to return to the approach you were proposing before
> discovering this upstream patch. I'll take a look at it soon.
>
> What do you think?
Well the other solution will be to break the CHROOT_ENABLED into smaller
macros, depending on what we check. If you think this is a better
solution then okay with me.
Locally I broke CHROOT_ENABLED into
#define CHROOT_ENABLED HAVE_CHROOT && HAVE_SYS_MOUNT_H && defined(MS_BIND) && defined(MS_PRIVATE)
#define CLONE_ENABLED defined(CLONE_NEWNS)
#if defined(SYS_pivot_root)
#define pivot_root(new_root, put_old) (syscall(SYS_pivot_root, new_root, put_old))
#endif
And maybe we should rename CHROOT_ENABLED into SANDBOX_ENABLED or
something similar to better describe its purpose.
WDYT?
Thank you for looking into it,
Manolis
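
The per-feature split discussed in this message, as an added example that is not code from the thread or from the project: each test is evaluated once inside `#if` so the macros expand to a plain 0 or 1, because `defined` produced by macro expansion has undefined behaviour in standard C. `PIVOT_ROOT_ENABLED`, the `F_*` and `MODE_*` names, the isolation tiers and the `__has_include` stand-in for autoconf's `config.h` are assumptions made for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* glibc exposes CLONE_NEWNS only with this */
#endif
#include <sched.h>
#include <stdio.h>
#include <sys/syscall.h>
/* Stand-ins for autoconf's config.h results (assumption for this example). */
#ifndef HAVE_CHROOT
#define HAVE_CHROOT 1
#endif
#if defined(__has_include)
#if __has_include(<sys/mount.h>)
#define HAVE_SYS_MOUNT_H 1
#include <sys/mount.h>
#endif
#endif

/* Evaluate each test once so the macros expand to a plain 0 or 1. */
#if HAVE_CHROOT && HAVE_SYS_MOUNT_H && defined(MS_BIND) && defined(MS_PRIVATE)
#define CHROOT_ENABLED 1
#else
#define CHROOT_ENABLED 0
#endif
#if defined(CLONE_NEWNS)
#define CLONE_ENABLED 1
#else
#define CLONE_ENABLED 0
#endif
#if defined(SYS_pivot_root)
#define PIVOT_ROOT_ENABLED 1   /* hypothetical name, not from the thread */
#else
#define PIVOT_ROOT_ENABLED 0
#endif
enum { F_CHROOT = 1, F_NEWNS = 2, F_PIVOT = 4 };
enum mode { MODE_NONE, MODE_CHROOT, MODE_CHROOT_NEWNS, MODE_PIVOT_NEWNS };
/* Bitmask of the sandbox features this translation unit was built with. */
unsigned compiled_features(void) {
    return (CHROOT_ENABLED ? F_CHROOT : 0) | (CLONE_ENABLED ? F_NEWNS : 0)
         | (PIVOT_ROOT_ENABLED ? F_PIVOT : 0);
}
/* Strongest isolation a build with feature mask f can set up. */
enum mode isolation_mode(unsigned f) {
    if (!(f & F_CHROOT)) return MODE_NONE;
    if (!(f & F_NEWNS))  return MODE_CHROOT;  /* mounts stay in host namespace */
    return (f & F_PIVOT) ? MODE_PIVOT_NEWNS : MODE_CHROOT_NEWNS;
}
int main(void) {
    unsigned f = compiled_features();
    return printf("features=%u mode=%d\n", f, (int)isolation_mode(f)) < 0;
}
```

With separate 0/1 macros, a kernel that lacks one feature loses only the tier that depends on it, and the build can report which tier it actually provides.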