summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--package/minijail/Makefile38
-rw-r--r--package/minijail/patches/patch-common_mk15
-rw-r--r--package/minijail/patches/patch-libminijail_c12
3 files changed, 65 insertions, 0 deletions
diff --git a/package/minijail/Makefile b/package/minijail/Makefile
new file mode 100644
index 000000000..4582ff62f
--- /dev/null
+++ b/package/minijail/Makefile
@@ -0,0 +1,38 @@
+# This file is part of the OpenADK project. OpenADK is copyrighted
+# material, please see the LICENCE file in the top-level directory.
+
+include $(ADK_TOPDIR)/rules.mk
+
+PKG_NAME:= minijail
+PKG_VERSION:= v17
+PKG_RELEASE:= 1
+PKG_HASH:= 1ee5a5916491a32c121c7422b4d8c16481c0396a3acab34bf1c44589dcf810ae
+PKG_DESCR:= sandboxing and containment tool
+PKG_SECTION:= sys/misc
+PKG_DEPENDS:= libcap
+PKG_BUILDDEP:= libcap
+PKG_URL:= https://google.github.io/minijail/
+PKG_SITES:= https://github.com/google/minijail/archive/refs/tags/
+
+DISTFILES:= linux-$(PKG_VERSION).tar.gz
+WRKDIST= ${WRKDIR}/${PKG_NAME}-linux-${PKG_VERSION}
+
+include $(ADK_TOPDIR)/mk/package.mk
+
+$(eval $(call PKG_template,MINIJAIL,minijail,$(PKG_VERSION)-$(PKG_RELEASE),$(PKG_DEPENDS),$(PKG_DESCR),$(PKG_SECTION)))
+
+CONFIG_STYLE:= manual
+INSTALL_STYLE:= manual
+
+minijail-install:
+ $(INSTALL_DIR) $(IDIR_MINIJAIL)/lib
+ $(CP) $(WRKBUILD)/libminijailpreload.so \
+ $(IDIR_MINIJAIL)/lib
+ $(INSTALL_DIR) $(IDIR_MINIJAIL)/lib
+ $(CP) $(WRKBUILD)/libminijail.so \
+ $(IDIR_MINIJAIL)/lib
+ $(INSTALL_DIR) $(IDIR_MINIJAIL)/usr/bin
+ $(INSTALL_BIN) $(WRKBUILD)/minijail0 \
+ $(IDIR_MINIJAIL)/usr/bin
+
+include $(ADK_TOPDIR)/mk/pkg-bottom.mk
diff --git a/package/minijail/patches/patch-common_mk b/package/minijail/patches/patch-common_mk
new file mode 100644
index 000000000..23dc08e77
--- /dev/null
+++ b/package/minijail/patches/patch-common_mk
@@ -0,0 +1,15 @@
+--- minijail-linux-v17.orig/common.mk 2021-08-11 08:01:06.000000000 +0200
++++ minijail-linux-v17/common.mk 2022-01-13 04:53:35.432449083 +0100
+@@ -306,12 +306,6 @@ check_libs_cxx = $(call check_compile,$(
+ check_cc = $(call check_compile_cc,'int main() { return 0; }',$(1),$(2))
+ check_cxx = $(call check_compile_cxx,'int main() { return 0; }',$(1),$(2))
+
+-# Choose the stack protector flags based on whats supported by the compiler.
+-SSP_CFLAGS := $(call check_cc,-fstack-protector-strong)
+-ifeq ($(SSP_CFLAGS),)
+- SSP_CFLAGS := $(call check_cc,-fstack-protector-all)
+-endif
+-
+ # To update these from an including Makefile:
+ # CXXFLAGS += -mahflag # Append to the list
+ # CXXFLAGS := -mahflag $(CXXFLAGS) # Prepend to the list
diff --git a/package/minijail/patches/patch-libminijail_c b/package/minijail/patches/patch-libminijail_c
new file mode 100644
index 000000000..67b06094e
--- /dev/null
+++ b/package/minijail/patches/patch-libminijail_c
@@ -0,0 +1,12 @@
+--- minijail-linux-v17.orig/libminijail.c 2021-08-11 08:01:06.000000000 +0200
++++ minijail-linux-v17/libminijail.c 2022-01-13 04:24:57.190934413 +0100
+@@ -2620,9 +2620,6 @@ static int fd_is_open(int fd)
+ return fcntl(fd, F_GETFD) != -1 || errno != EBADF;
+ }
+
+-static_assert(FD_SETSIZE >= MAX_PRESERVED_FDS * 2 - 1,
+- "If true, ensure_no_fd_conflict will always find an unused fd.");
+-
+ /* If parent_fd will be used by a child fd, move it to an unused fd. */
+ static int ensure_no_fd_conflict(const fd_set *child_fds,
+ int child_fd, int *parent_fd)