* [PATCH 2/3] lxc: Add PACKAGECONFIG for seccomp @ 2015-03-10 12:11 Bogdan Purcareata 2015-03-10 17:08 ` Bruce Ashfield 0 siblings, 1 reply; 3+ messages in thread From: Bogdan Purcareata @ 2015-03-10 12:11 UTC (permalink / raw) To: meta-virtualization Determine whether libseccomp is installed in the Yocto image, and based on that, compile the necessary support for LXC as well. Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com> --- recipes-containers/lxc/lxc_1.0.7.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/recipes-containers/lxc/lxc_1.0.7.bb b/recipes-containers/lxc/lxc_1.0.7.bb index c618c84..4110ac5 100644 --- a/recipes-containers/lxc/lxc_1.0.7.bb +++ b/recipes-containers/lxc/lxc_1.0.7.bb @@ -43,12 +43,14 @@ EXTRA_OECONF += "--with-distro=${DISTRO} ${PTEST_CONF}" PACKAGECONFIG ??= "templates \ ${@base_contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)} \ + ${@base_contains('IMAGE_INSTALL', 'libseccomp', 'seccomp', '', d)} \ " PACKAGECONFIG[doc] = "--enable-doc --enable-api-docs,--disable-doc --disable-api-docs,," PACKAGECONFIG[rpath] = "--enable-rpath,--disable-rpath,," PACKAGECONFIG[apparmour] = "--enable-apparmor,--disable-apparmor,apparmor,apparmor" PACKAGECONFIG[templates] = ",,, ${PN}-templates" PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux,libselinux" +PACKAGECONFIG[seccomp] ="--enable-seccomp,--disable-seccomp,libseccomp,libseccomp" inherit autotools pkgconfig ptest update-rc.d systemd -- 2.1.4 ^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH 2/3] lxc: Add PACKAGECONFIG for seccomp 2015-03-10 12:11 [PATCH 2/3] lxc: Add PACKAGECONFIG for seccomp Bogdan Purcareata @ 2015-03-10 17:08 ` Bruce Ashfield 2015-03-11 8:14 ` Purcareata Bogdan 0 siblings, 1 reply; 3+ messages in thread From: Bruce Ashfield @ 2015-03-10 17:08 UTC (permalink / raw) To: Bogdan Purcareata; +Cc: meta-virtualization@yoctoproject.org On Tue, Mar 10, 2015 at 8:11 AM, Bogdan Purcareata <bogdan.purcareata@freescale.com> wrote: > Determine whether libseccomp is installed in the Yocto image, and based on that, > compile the necessary support for LXC as well. > > Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com> > --- > recipes-containers/lxc/lxc_1.0.7.bb | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/recipes-containers/lxc/lxc_1.0.7.bb b/recipes-containers/lxc/lxc_1.0.7.bb > index c618c84..4110ac5 100644 > --- a/recipes-containers/lxc/lxc_1.0.7.bb > +++ b/recipes-containers/lxc/lxc_1.0.7.bb > @@ -43,12 +43,14 @@ EXTRA_OECONF += "--with-distro=${DISTRO} ${PTEST_CONF}" > > PACKAGECONFIG ??= "templates \ > ${@base_contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)} \ > + ${@base_contains('IMAGE_INSTALL', 'libseccomp', 'seccomp', '', d)} \ This doesn't seem correct, or at least not in the spirit of other package config options and tests that I've used (and seen). But if you know of a reference that looks like this, point me in its direction and I'll have a look. Testing on distro features is one thing, as would be image features .. but IMAGE_INSTALL is not the same, and isn't always used. Part of the package config is to trigger both depends and rdepends on other packages when it is enabled. In this case, we are doing the opposite, using the dependency to trigger the package config. Either this test needs to be patched into the lxc configuration phase, so it can detect it at runtime, or just leave it at a package config option. Your layers can then enable that packageconfig and everything works as expected, and we don't force all users to enable this in lxc when they may not want it simply because libseccomp is present. Bruce > " > PACKAGECONFIG[doc] = "--enable-doc --enable-api-docs,--disable-doc --disable-api-docs,," > PACKAGECONFIG[rpath] = "--enable-rpath,--disable-rpath,," > PACKAGECONFIG[apparmour] = "--enable-apparmor,--disable-apparmor,apparmor,apparmor" > PACKAGECONFIG[templates] = ",,, ${PN}-templates" > PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux,libselinux" > +PACKAGECONFIG[seccomp] ="--enable-seccomp,--disable-seccomp,libseccomp,libseccomp" > > inherit autotools pkgconfig ptest update-rc.d systemd > > -- > 2.1.4 > > -- > _______________________________________________ > meta-virtualization mailing list > meta-virtualization@yoctoproject.org > https://lists.yoctoproject.org/listinfo/meta-virtualization -- "Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end" ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH 2/3] lxc: Add PACKAGECONFIG for seccomp 2015-03-10 17:08 ` Bruce Ashfield @ 2015-03-11 8:14 ` Purcareata Bogdan 0 siblings, 0 replies; 3+ messages in thread From: Purcareata Bogdan @ 2015-03-11 8:14 UTC (permalink / raw) To: Bruce Ashfield, Bogdan Purcareata; +Cc: meta-virtualization@yoctoproject.org On 10.03.2015 19:08, Bruce Ashfield wrote: > On Tue, Mar 10, 2015 at 8:11 AM, Bogdan Purcareata > <bogdan.purcareata@freescale.com> wrote: >> Determine whether libseccomp is installed in the Yocto image, and based on that, >> compile the necessary support for LXC as well. >> >> Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com> >> --- >> recipes-containers/lxc/lxc_1.0.7.bb | 2 ++ >> 1 file changed, 2 insertions(+) >> >> diff --git a/recipes-containers/lxc/lxc_1.0.7.bb b/recipes-containers/lxc/lxc_1.0.7.bb >> index c618c84..4110ac5 100644 >> --- a/recipes-containers/lxc/lxc_1.0.7.bb >> +++ b/recipes-containers/lxc/lxc_1.0.7.bb >> @@ -43,12 +43,14 @@ EXTRA_OECONF += "--with-distro=${DISTRO} ${PTEST_CONF}" >> >> PACKAGECONFIG ??= "templates \ >> ${@base_contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)} \ >> + ${@base_contains('IMAGE_INSTALL', 'libseccomp', 'seccomp', '', d)} \ > > This doesn't seem correct, or at least not in the spirit of other > package config options > and tests that I've used (and seen). But if you know of a reference > that looks like this, > point me in its direction and I'll have a look. > > Testing on distro features is one thing, as would be image features .. > but IMAGE_INSTALL > is not the same, and isn't always used. > > Part of the package config is to trigger both depends and rdepends on > other packages > when it is enabled. In this case, we are doing the opposite, using the > dependency to > trigger the package config. > > Either this test needs to be patched into the lxc configuration phase, > so it can detect > it at runtime, or just leave it at a package config option. Your > layers can then enable > that packageconfig and everything works as expected, and we don't > force all users > to enable this in lxc when they may not want it simply because > libseccomp is present. I understand, thank you for making it clear. I don't have a strong argument for my patch, so I think the best option for now would be to leave the PACKAGECONFIG option only, and let the layers or image configuration file handle what's active at build time. I will send a v2. Best regards, Bogdan P. > Bruce > >> " >> PACKAGECONFIG[doc] = "--enable-doc --enable-api-docs,--disable-doc --disable-api-docs,," >> PACKAGECONFIG[rpath] = "--enable-rpath,--disable-rpath,," >> PACKAGECONFIG[apparmour] = "--enable-apparmor,--disable-apparmor,apparmor,apparmor" >> PACKAGECONFIG[templates] = ",,, ${PN}-templates" >> PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux,libselinux" >> +PACKAGECONFIG[seccomp] ="--enable-seccomp,--disable-seccomp,libseccomp,libseccomp" >> >> inherit autotools pkgconfig ptest update-rc.d systemd >> >> -- >> 2.1.4 >> >> -- >> _______________________________________________ >> meta-virtualization mailing list >> meta-virtualization@yoctoproject.org >> https://lists.yoctoproject.org/listinfo/meta-virtualization > > > ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-03-11 8:14 UTC | newest] Thread overview: 3+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2015-03-10 12:11 [PATCH 2/3] lxc: Add PACKAGECONFIG for seccomp Bogdan Purcareata 2015-03-10 17:08 ` Bruce Ashfield 2015-03-11 8:14 ` Purcareata Bogdan
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.