[PATCH 2/3] lxc: Add PACKAGECONFIG for seccomp

[PATCH 2/3] lxc: Add PACKAGECONFIG for seccomp

[Bogdan Purcareata]

Determine whether libseccomp is installed in the Yocto image, and based on that,
compile the necessary support for LXC as well.

Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
---
 recipes-containers/lxc/lxc_1.0.7.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/recipes-containers/lxc/lxc_1.0.7.bb b/recipes-containers/lxc/lxc_1.0.7.bb
index c618c84..4110ac5 100644
--- a/recipes-containers/lxc/lxc_1.0.7.bb
+++ b/recipes-containers/lxc/lxc_1.0.7.bb
@@ -43,12 +43,14 @@ EXTRA_OECONF += "--with-distro=${DISTRO} ${PTEST_CONF}"
 
 PACKAGECONFIG ??= "templates \
     ${@base_contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)} \
+    ${@base_contains('IMAGE_INSTALL', 'libseccomp', 'seccomp', '', d)} \
 "
 PACKAGECONFIG[doc] = "--enable-doc --enable-api-docs,--disable-doc --disable-api-docs,,"
 PACKAGECONFIG[rpath] = "--enable-rpath,--disable-rpath,,"
 PACKAGECONFIG[apparmour] = "--enable-apparmor,--disable-apparmor,apparmor,apparmor"
 PACKAGECONFIG[templates] = ",,, ${PN}-templates"
 PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux,libselinux"
+PACKAGECONFIG[seccomp] ="--enable-seccomp,--disable-seccomp,libseccomp,libseccomp"
 
 inherit autotools pkgconfig ptest update-rc.d systemd
 
-- 
2.1.4

Re: [PATCH 2/3] lxc: Add PACKAGECONFIG for seccomp

[Bruce Ashfield]

On Tue, Mar 10, 2015 at 8:11 AM, Bogdan Purcareata
<bogdan.purcareata@freescale.com> wrote:
> Determine whether libseccomp is installed in the Yocto image, and based on that,
> compile the necessary support for LXC as well.
>
> Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
> ---
>  recipes-containers/lxc/lxc_1.0.7.bb | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/recipes-containers/lxc/lxc_1.0.7.bb b/recipes-containers/lxc/lxc_1.0.7.bb
> index c618c84..4110ac5 100644
> --- a/recipes-containers/lxc/lxc_1.0.7.bb
> +++ b/recipes-containers/lxc/lxc_1.0.7.bb
> @@ -43,12 +43,14 @@ EXTRA_OECONF += "--with-distro=${DISTRO} ${PTEST_CONF}"
>
>  PACKAGECONFIG ??= "templates \
>      ${@base_contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)} \
> +    ${@base_contains('IMAGE_INSTALL', 'libseccomp', 'seccomp', '', d)} \

This doesn't seem correct, or at least not in the spirit of other
package config options
and tests that I've used (and seen). But if you know of a reference
that looks like this,
point me in its direction and I'll have a look.

Testing on distro features is one thing, as would be image features ..
but IMAGE_INSTALL
is not the same, and isn't always used.

Part of the package config is to trigger both depends and rdepends on
other packages
when it is enabled. In this case, we are doing the opposite, using the
dependency to
trigger the package config.

Either this test needs to be patched into the lxc configuration phase,
so it can detect
it at runtime, or just leave it at a package config option. Your
layers can then enable
that packageconfig and everything works as expected, and we don't
force all users
to enable this in lxc when they may not want it simply because
libseccomp is present.

Bruce

>  "
>  PACKAGECONFIG[doc] = "--enable-doc --enable-api-docs,--disable-doc --disable-api-docs,,"
>  PACKAGECONFIG[rpath] = "--enable-rpath,--disable-rpath,,"
>  PACKAGECONFIG[apparmour] = "--enable-apparmor,--disable-apparmor,apparmor,apparmor"
>  PACKAGECONFIG[templates] = ",,, ${PN}-templates"
>  PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux,libselinux"
> +PACKAGECONFIG[seccomp] ="--enable-seccomp,--disable-seccomp,libseccomp,libseccomp"
>
>  inherit autotools pkgconfig ptest update-rc.d systemd
>
> --
> 2.1.4
>
> --
> _______________________________________________
> meta-virtualization mailing list
> meta-virtualization@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/meta-virtualization



-- 
"Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end"

Re: [PATCH 2/3] lxc: Add PACKAGECONFIG for seccomp

[Purcareata Bogdan]

On 10.03.2015 19:08, Bruce Ashfield wrote:
> On Tue, Mar 10, 2015 at 8:11 AM, Bogdan Purcareata
> <bogdan.purcareata@freescale.com> wrote:
>> Determine whether libseccomp is installed in the Yocto image, and based on that,
>> compile the necessary support for LXC as well.
>>
>> Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
>> ---
>>   recipes-containers/lxc/lxc_1.0.7.bb | 2 ++
>>   1 file changed, 2 insertions(+)
>>
>> diff --git a/recipes-containers/lxc/lxc_1.0.7.bb b/recipes-containers/lxc/lxc_1.0.7.bb
>> index c618c84..4110ac5 100644
>> --- a/recipes-containers/lxc/lxc_1.0.7.bb
>> +++ b/recipes-containers/lxc/lxc_1.0.7.bb
>> @@ -43,12 +43,14 @@ EXTRA_OECONF += "--with-distro=${DISTRO} ${PTEST_CONF}"
>>
>>   PACKAGECONFIG ??= "templates \
>>       ${@base_contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)} \
>> +    ${@base_contains('IMAGE_INSTALL', 'libseccomp', 'seccomp', '', d)} \
>
> This doesn't seem correct, or at least not in the spirit of other
> package config options
> and tests that I've used (and seen). But if you know of a reference
> that looks like this,
> point me in its direction and I'll have a look.
>
> Testing on distro features is one thing, as would be image features ..
> but IMAGE_INSTALL
> is not the same, and isn't always used.
>
> Part of the package config is to trigger both depends and rdepends on
> other packages
> when it is enabled. In this case, we are doing the opposite, using the
> dependency to
> trigger the package config.
>
> Either this test needs to be patched into the lxc configuration phase,
> so it can detect
> it at runtime, or just leave it at a package config option. Your
> layers can then enable
> that packageconfig and everything works as expected, and we don't
> force all users
> to enable this in lxc when they may not want it simply because
> libseccomp is present.

I understand, thank you for making it clear.

I don't have a strong argument for my patch, so I think the best option 
for now would be to leave the PACKAGECONFIG option only, and let the 
layers or image configuration file handle what's active at build time.

I will send a v2.

Best regards,
Bogdan P.

> Bruce
>
>>   "
>>   PACKAGECONFIG[doc] = "--enable-doc --enable-api-docs,--disable-doc --disable-api-docs,,"
>>   PACKAGECONFIG[rpath] = "--enable-rpath,--disable-rpath,,"
>>   PACKAGECONFIG[apparmour] = "--enable-apparmor,--disable-apparmor,apparmor,apparmor"
>>   PACKAGECONFIG[templates] = ",,, ${PN}-templates"
>>   PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux,libselinux"
>> +PACKAGECONFIG[seccomp] ="--enable-seccomp,--disable-seccomp,libseccomp,libseccomp"
>>
>>   inherit autotools pkgconfig ptest update-rc.d systemd
>>
>> --
>> 2.1.4
>>
>> --
>> _______________________________________________
>> meta-virtualization mailing list
>> meta-virtualization@yoctoproject.org
>> https://lists.yoctoproject.org/listinfo/meta-virtualization
>
>
>