From d6e71e1416ca34fbca69a38787796cf928f0aae7 Mon Sep 17 00:00:00 2001
From: Waldemar Brodkorb
Date: Sat, 15 Jan 2022 14:59:03 +0100
Subject: minijail: new package
---
package/minijail/Makefile | 38 ++++++++++++++++++++++++++++
package/minijail/patches/patch-common_mk | 15 +++++++++++
package/minijail/patches/patch-libminijail_c | 12 +++++++++
3 files changed, 65 insertions(+)
create mode 100644 package/minijail/Makefile
create mode 100644 package/minijail/patches/patch-common_mk
create mode 100644 package/minijail/patches/patch-libminijail_c
diff --git a/package/minijail/Makefile b/package/minijail/Makefile
new file mode 100644
index 000000000..4582ff62f
--- /dev/null
+++ b/package/minijail/Makefile
@@ -0,0 +1,38 @@
+# This file is part of the OpenADK project. OpenADK is copyrighted
+# material, please see the LICENCE file in the top-level directory.
+
+include $(ADK_TOPDIR)/rules.mk
+
+PKG_NAME:= minijail
+PKG_VERSION:= v17
+PKG_RELEASE:= 1
+PKG_HASH:= 1ee5a5916491a32c121c7422b4d8c16481c0396a3acab34bf1c44589dcf810ae
+PKG_DESCR:= sandboxing and containment tool
+PKG_SECTION:= sys/misc
+PKG_DEPENDS:= libcap
+PKG_BUILDDEP:= libcap
+PKG_URL:= https://google.github.io/minijail/
+PKG_SITES:= https://github.com/google/minijail/archive/refs/tags/
+
+DISTFILES:= linux-$(PKG_VERSION).tar.gz
+WRKDIST= ${WRKDIR}/${PKG_NAME}-linux-${PKG_VERSION}
+
+include $(ADK_TOPDIR)/mk/package.mk
+
+$(eval $(call PKG_template,MINIJAIL,minijail,$(PKG_VERSION)-$(PKG_RELEASE),$(PKG_DEPENDS),$(PKG_DESCR),$(PKG_SECTION)))
+
+CONFIG_STYLE:= manual
+INSTALL_STYLE:= manual
+
+minijail-install:
+ $(INSTALL_DIR) $(IDIR_MINIJAIL)/lib
+ $(CP) $(WRKBUILD)/libminijailpreload.so \
+ $(IDIR_MINIJAIL)/lib
+ $(INSTALL_DIR) $(IDIR_MINIJAIL)/lib
+ $(CP) $(WRKBUILD)/libminijail.so \
+ $(IDIR_MINIJAIL)/lib
+ $(INSTALL_DIR) $(IDIR_MINIJAIL)/usr/bin
+ $(INSTALL_BIN) $(WRKBUILD)/minijail0 \
+ $(IDIR_MINIJAIL)/usr/bin
+
+include $(ADK_TOPDIR)/mk/pkg-bottom.mk
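Review bot: In the `minijail-install` recipe of package/minijail/Makefile, both shared objects are placed with `$(CP)` while only `minijail0` goes through `$(INSTALL_BIN)`, so the modes of `libminijail.so` and `libminijailpreload.so` in the image are presumably whatever the build tree left behind (`$(CP)` is defined in the included mk files, not in this hunk). For a library that is preloaded into the jailed process an explicit mode is worth having, e.g. `$(INSTALL_BIN) $(WRKBUILD)/libminijailpreload.so $(IDIR_MINIJAIL)/lib` and the same for `libminijail.so`. The second `$(INSTALL_DIR) $(IDIR_MINIJAIL)/lib` line is a duplicate and can be dropped. A short comment above the recipe noting that the `/lib` destination has to match the preload path compiled into `minijail0` would save the next maintainer from moving the library without rebuilding.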
diff --git a/package/minijail/patches/patch-common_mk b/package/minijail/patches/patch-common_mk
new file mode 100644
index 000000000..23dc08e77
--- /dev/null
+++ b/package/minijail/patches/patch-common_mk
@@ -0,0 +1,15 @@
+--- minijail-linux-v17.orig/common.mk 2021-08-11 08:01:06.000000000 +0200
++++ minijail-linux-v17/common.mk 2022-01-13 04:53:35.432449083 +0100
+@@ -306,12 +306,6 @@ check_libs_cxx = $(call check_compile,$(
+ check_cc = $(call check_compile_cc,'int main() { return 0; }',$(1),$(2))
+ check_cxx = $(call check_compile_cxx,'int main() { return 0; }',$(1),$(2))
+
+-# Choose the stack protector flags based on whats supported by the compiler.
+-SSP_CFLAGS := $(call check_cc,-fstack-protector-strong)
+-ifeq ($(SSP_CFLAGS),)
+- SSP_CFLAGS := $(call check_cc,-fstack-protector-all)
+-endif
+-
+ # To update these from an including Makefile:
+ # CXXFLAGS += -mahflag # Append to the list
+ # CXXFLAGS := -mahflag $(CXXFLAGS) # Prepend to the list
diff --git a/package/minijail/patches/patch-libminijail_c b/package/minijail/patches/patch-libminijail_c
new file mode 100644
index 000000000..67b06094e
--- /dev/null
+++ b/package/minijail/patches/patch-libminijail_c
@@ -0,0 +1,12 @@
+--- minijail-linux-v17.orig/libminijail.c 2021-08-11 08:01:06.000000000 +0200
++++ minijail-linux-v17/libminijail.c 2022-01-13 04:24:57.190934413 +0100
+@@ -2620,9 +2620,6 @@ static int fd_is_open(int fd)
+ return fcntl(fd, F_GETFD) != -1 || errno != EBADF;
+ }
+
+-static_assert(FD_SETSIZE >= MAX_PRESERVED_FDS * 2 - 1,
+- "If true, ensure_no_fd_conflict will always find an unused fd.");
+-
+ /* If parent_fd will be used by a child fd, move it to an unused fd. */
+ static int ensure_no_fd_conflict(const fd_set *child_fds,
+ int child_fd, int *parent_fd)
-- cgit v1.2.3
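Review bot: patch-common_mk deletes the `SSP_CFLAGS` probe outright, so any later `$(SSP_CFLAGS)` reference in common.mk (not visible in this hunk) expands to nothing and minijail is built without a stack protector unless the ADK target flags supply one. For a containment tool that normally runs privileged this is a hardening regression, and neither the patch nor the commit message says why it is needed. If the cause is a target libc without SSP support (an assumption), the removal should be conditional on that configuration rather than applied to every target. At minimum the patch should carry a header comment such as `# SSP probe removed: <reason>; stack protection must come from the ADK target CFLAGS`.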
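Review bot: patch-libminijail_c removes the `static_assert` placed directly above `ensure_no_fd_conflict`, so the build no longer verifies that `FD_SETSIZE` covers `MAX_PRESERVED_FDS * 2 - 1` descriptors, which is the condition the assertion's own message gives for the function always finding an unused fd. On a target where that bound does not hold, the failure would move from compile time to run time inside fd handling of a sandboxing library. If the assertion was dropped only because the target's `<assert.h>` does not provide the `static_assert` macro (the commit does not say), the invariant can be kept with the C11 keyword: `_Static_assert(FD_SETSIZE >= MAX_PRESERVED_FDS * 2 - 1, "If true, ensure_no_fd_conflict will always find an unused fd.");`. The body of `ensure_no_fd_conflict` lies outside the hunk, so how it behaves when the bound is violated cannot be judged from here.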