authoralois31 <alois1@gmx-topmail.de>2024-07-26 07:08:35 +0000
committerGerrit Code Review <gerrit@localhost>2024-07-26 07:08:35 +0000
commitd945e89e19bb508133bc563fb960b1cf1e785410 (patch)
tree6a29d77bb1f08e437651163ef58c0063ee0ac2a1 /maintainers/check-syscalls.sh
parent60a48311e84c228e664a44c8d049ea3080879a40 (diff)
parente7188e211a5a2ac0ba34635a846569560bb5f000 (diff)
Merge changes I45d3895f,I541be3ea,Ibe51416d into main
* changes: libstore/build: block io_uring libstore/build: use an allowlist approach to syscall filtering libstore/build: always treat seccomp setup failures as fatal
Diffstat (limited to 'maintainers/check-syscalls.sh')
-rwxr-xr-xmaintainers/check-syscalls.sh7
1 files changed, 7 insertions, 0 deletions
diff --git a/maintainers/check-syscalls.sh b/maintainers/check-syscalls.sh
new file mode 100755
index 000000000..cd72ac23b
--- /dev/null
+++ b/maintainers/check-syscalls.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+set -e
+
+diff -u <(awk < src/libstore/build/local-derivation-goal.cc '/BEGIN extract-syscalls/ { extracting = 1; next }
+match($0, /allowSyscall\(ctx, SCMP_SYS\(([^)]*)\)\);|\/\/ skip ([^ ]*)/, result) { print result[1] result[2] }
+/END extract-syscalls/ { extracting = 0; next }') <(tail -n+2 "$1" | cut -d, -f 1)
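Review bot: The `extracting` flag set by the `BEGIN extract-syscalls` and `END extract-syscalls` rules is never consulted, so the `match(...)` rule on the second awk line runs against every line of local-derivation-goal.cc and the markers have no effect; guard it as `extracting && match($0, /.../, result) { print result[1] result[2] }` with the existing regex. The three-argument `match()` is a gawk extension, so invoking `gawk` explicitly (or stating the requirement in a header comment) avoids a failure under mawk or BSD awk. `set -e` does not see failures inside `<(...)`, so a run from the wrong directory with no argument leaves both inputs empty and `diff` exits 0. Since this check guards the seccomp allowlist, an up-front `[[ -r "$1" ]]` plus a test that the .cc file is readable would make that case fail instead of pass.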