aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorLinus Heckemann <git@sphalerite.org>2018-02-20 12:30:03 +0000
committerLinus Heckemann <git@sphalerite.org>2018-02-27 00:32:15 +0000
commit919c3c20b3ebbf8b83b8de28b612d09270e7a2a6 (patch)
tree17af6ba88f69da74c4b385caa43301db4391df48 /src
parenteb03a296c1a538111056ce0d554911410c4ccb48 (diff)
seccomp: add 32-bit ARM on aarch64-linux
This allows building armv[67]l-linux derivations on compatible aarch64 machines. Failure to add the architecture may result from missing hardware support, in which case we can't run 32-bit binaries and don't need to restrict them with seccomp anyway,
Diffstat (limited to 'src')
-rw-r--r--src/libstore/build.cc4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 1d611ffba..2466f9bd6 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -2491,6 +2491,10 @@ void setupSeccomp()
seccomp_arch_add(ctx, SCMP_ARCH_X32) != 0)
throw SysError("unable to add X32 seccomp architecture");
+ if (settings.thisSystem == "aarch64-linux" &&
+ seccomp_arch_add(ctx, SCMP_ARCH_ARM) != 0)
+ printError("unsable to add ARM seccomp architecture; this may result in spurious build failures if running 32-bit ARM processes.");
+
/* Prevent builders from creating setuid/setgid binaries. */
for (int perm : { S_ISUID, S_ISGID }) {
if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(chmod), 1,