about summary refs log tree commit diff
diff options
context:
space:
mode:
authorLinus Heckemann <git@sphalerite.org>2018-02-20T12·30+0000
committerLinus Heckemann <git@sphalerite.org>2018-02-27T00·32+0000
commit919c3c20b3ebbf8b83b8de28b612d09270e7a2a6 (patch)
tree17af6ba88f69da74c4b385caa43301db4391df48
parenteb03a296c1a538111056ce0d554911410c4ccb48 (diff)
seccomp: add 32-bit ARM on aarch64-linux
This allows building armv[67]l-linux derivations on compatible aarch64
machines. Failure to add the architecture may result from missing
hardware support, in which case we can't run 32-bit binaries and don't
need to restrict them with seccomp anyway,
-rw-r--r--src/libstore/build.cc4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 1d611ffbaba5..2466f9bd6b06 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -2491,6 +2491,10 @@ void setupSeccomp()
         seccomp_arch_add(ctx, SCMP_ARCH_X32) != 0)
         throw SysError("unable to add X32 seccomp architecture");
 
+    if (settings.thisSystem == "aarch64-linux" &&
+        seccomp_arch_add(ctx, SCMP_ARCH_ARM) != 0)
+        printError("unsable to add ARM seccomp architecture; this may result in spurious build failures if running 32-bit ARM processes.");
+
     /* Prevent builders from creating setuid/setgid binaries. */
     for (int perm : { S_ISUID, S_ISGID }) {
         if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(chmod), 1,