You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@mesos.apache.org by Andrei Budnik <ab...@mesosphere.com> on 2018/10/22 17:04:06 UTC
Re: Review Request 68016: Added libseccomp to the build.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68016/
-----------------------------------------------------------
(Updated Oct. 22, 2018, 5:04 p.m.)
Review request for mesos, Andrew Schwartzmeyer, Gilbert Song, Jie Yu, James Peach, and Qian Zhang.
Changes
-------
rebased
Bugs: MESOS-9032
https://issues.apache.org/jira/browse/MESOS-9032
Repository: mesos
Description
-------
This library is needed to implement Seccomp syscall filtering in the
Mesos containerizer. This patch introduces `seccomp-isolator` build
flag, which is used to include or exclude sources related to Seccomp
from the build. Since Seccomp is a Linux-specific feature, the flag
is disabled by default. Enabling `seccomp-isolator` means either:
1. Compiling and linking against the bundled version of libseccomp from
sources (default).
2. Linking against the libseccomp installed in the OS,
if `--with-libseccomp` build flag is provided.
Diffs (updated)
-----
3rdparty/CMakeLists.txt 9584f537cc2a862ce17037224fd0628ffda54b2b
3rdparty/Makefile.am e625e7be1743348d02c6dbb8e0a92d1a395b0ef4
3rdparty/cmake/Versions.cmake 69fc594ec5ba2887b20b88ec0767a5d801411411
3rdparty/versions.am 99ef92087f6958d83ba415e84db5cbbb0c597573
cmake/CompilationConfigure.cmake 5d2be0adc55ac5302c2e0e62131feb65657466be
configure.ac 1caab4d0630821a937d92f3c788a01ae3b5dc228
src/CMakeLists.txt 732368293049b7d9d6f62057344d433637ad44e8
src/Makefile.am 5795c7097a9ed1f659e169ad81a9f2c09481aa81
Diff: https://reviews.apache.org/r/68016/diff/5/
Changes: https://reviews.apache.org/r/68016/diff/4-5/
Testing
-------
Thanks,
Andrei Budnik
Re: Review Request 68016: Added libseccomp to the build.
Posted by Andrei Budnik <ab...@mesosphere.com>.
> On Dec. 12, 2018, 11:51 p.m., Gilbert Song wrote:
> > configure.ac
> > Lines 352 (patched)
> > <https://reviews.apache.org/r/68016/diff/9/?file=2110248#file2110248line352>
> >
> > Do we have a plan to deprecate this configuraton flag in the future? E.g., always only compile the seccomp library on linux.
Currently, we support old kernel version that does not support `seccomp`. E.g., `centos 6` is bases on pre-seccomp kernel.
I think we will deprecate this flag in the future.
- Andrei
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68016/#review211258
-----------------------------------------------------------
On Nov. 8, 2018, 3:23 p.m., Andrei Budnik wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68016/
> -----------------------------------------------------------
>
> (Updated Nov. 8, 2018, 3:23 p.m.)
>
>
> Review request for mesos, Andrew Schwartzmeyer, Gilbert Song, Jie Yu, James Peach, and Qian Zhang.
>
>
> Bugs: MESOS-9032
> https://issues.apache.org/jira/browse/MESOS-9032
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This library is needed to implement Seccomp syscall filtering in the
> Mesos containerizer. This patch introduces `seccomp-isolator` build
> flag, which is used to include or exclude sources related to Seccomp
> from the build. Since Seccomp is a Linux-specific feature, the flag
> is disabled by default. Enabling `seccomp-isolator` means either:
>
> 1. Compiling and linking against the bundled version of libseccomp from
> sources (default).
>
> 2. Linking against the libseccomp installed in the OS,
> if `--with-libseccomp` build flag is provided.
>
>
> Diffs
> -----
>
> 3rdparty/CMakeLists.txt fb80b39d1717948e87256272bc5989f73d4f5995
> 3rdparty/Makefile.am e625e7be1743348d02c6dbb8e0a92d1a395b0ef4
> 3rdparty/cmake/Versions.cmake 69fc594ec5ba2887b20b88ec0767a5d801411411
> 3rdparty/versions.am 99ef92087f6958d83ba415e84db5cbbb0c597573
> cmake/CompilationConfigure.cmake 2130c9b70eae62948d469b37692ff4eea3a4baf2
> configure.ac c193adf93531170fb31a31c296e3d4ae1d0300b2
> src/CMakeLists.txt bde070445b644e15d46c390d1c983caabaa1fec8
> src/Makefile.am 8da1a05b618f17542fec9b5057484a9bae57658a
> src/python/native_common/ext_modules.py.in 1f2e6c131d18e3e2fbc2e865c4698c83e73b87ba
>
>
> Diff: https://reviews.apache.org/r/68016/diff/9/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Andrei Budnik
>
>
Re: Review Request 68016: Added libseccomp to the build.
Posted by Gilbert Song <so...@gmail.com>.
> On Dec. 12, 2018, 3:51 p.m., Gilbert Song wrote:
> > configure.ac
> > Lines 352 (patched)
> > <https://reviews.apache.org/r/68016/diff/9/?file=2110248#file2110248line352>
> >
> > Do we have a plan to deprecate this configuraton flag in the future? E.g., always only compile the seccomp library on linux.
>
> Andrei Budnik wrote:
> Currently, we support old kernel version that does not support `seccomp`. E.g., `centos 6` is bases on pre-seccomp kernel.
> I think we will deprecate this flag in the future.
ok, could we add a TODO here? so that people would capture our deprecation plan:)
- Gilbert
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68016/#review211258
-----------------------------------------------------------
On Nov. 8, 2018, 7:23 a.m., Andrei Budnik wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68016/
> -----------------------------------------------------------
>
> (Updated Nov. 8, 2018, 7:23 a.m.)
>
>
> Review request for mesos, Andrew Schwartzmeyer, Gilbert Song, Jie Yu, James Peach, and Qian Zhang.
>
>
> Bugs: MESOS-9032
> https://issues.apache.org/jira/browse/MESOS-9032
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This library is needed to implement Seccomp syscall filtering in the
> Mesos containerizer. This patch introduces `seccomp-isolator` build
> flag, which is used to include or exclude sources related to Seccomp
> from the build. Since Seccomp is a Linux-specific feature, the flag
> is disabled by default. Enabling `seccomp-isolator` means either:
>
> 1. Compiling and linking against the bundled version of libseccomp from
> sources (default).
>
> 2. Linking against the libseccomp installed in the OS,
> if `--with-libseccomp` build flag is provided.
>
>
> Diffs
> -----
>
> 3rdparty/CMakeLists.txt fb80b39d1717948e87256272bc5989f73d4f5995
> 3rdparty/Makefile.am e625e7be1743348d02c6dbb8e0a92d1a395b0ef4
> 3rdparty/cmake/Versions.cmake 69fc594ec5ba2887b20b88ec0767a5d801411411
> 3rdparty/versions.am 99ef92087f6958d83ba415e84db5cbbb0c597573
> cmake/CompilationConfigure.cmake 2130c9b70eae62948d469b37692ff4eea3a4baf2
> configure.ac c193adf93531170fb31a31c296e3d4ae1d0300b2
> src/CMakeLists.txt bde070445b644e15d46c390d1c983caabaa1fec8
> src/Makefile.am 8da1a05b618f17542fec9b5057484a9bae57658a
> src/python/native_common/ext_modules.py.in 1f2e6c131d18e3e2fbc2e865c4698c83e73b87ba
>
>
> Diff: https://reviews.apache.org/r/68016/diff/9/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Andrei Budnik
>
>
Re: Review Request 68016: Added libseccomp to the build.
Posted by Andrei Budnik <ab...@mesosphere.com>.
> On Dec. 12, 2018, 11:51 p.m., Gilbert Song wrote:
> > configure.ac
> > Lines 352 (patched)
> > <https://reviews.apache.org/r/68016/diff/9/?file=2110248#file2110248line352>
> >
> > Do we have a plan to deprecate this configuraton flag in the future? E.g., always only compile the seccomp library on linux.
>
> Andrei Budnik wrote:
> Currently, we support old kernel version that does not support `seccomp`. E.g., `centos 6` is bases on pre-seccomp kernel.
> I think we will deprecate this flag in the future.
>
> Gilbert Song wrote:
> ok, could we add a TODO here? so that people would capture our deprecation plan:)
Updated flag description.
- Andrei
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68016/#review211258
-----------------------------------------------------------
On Nov. 8, 2018, 3:23 p.m., Andrei Budnik wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68016/
> -----------------------------------------------------------
>
> (Updated Nov. 8, 2018, 3:23 p.m.)
>
>
> Review request for mesos, Andrew Schwartzmeyer, Gilbert Song, Jie Yu, James Peach, and Qian Zhang.
>
>
> Bugs: MESOS-9032
> https://issues.apache.org/jira/browse/MESOS-9032
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This library is needed to implement Seccomp syscall filtering in the
> Mesos containerizer. This patch introduces `seccomp-isolator` build
> flag, which is used to include or exclude sources related to Seccomp
> from the build. Since Seccomp is a Linux-specific feature, the flag
> is disabled by default. Enabling `seccomp-isolator` means either:
>
> 1. Compiling and linking against the bundled version of libseccomp from
> sources (default).
>
> 2. Linking against the libseccomp installed in the OS,
> if `--with-libseccomp` build flag is provided.
>
>
> Diffs
> -----
>
> 3rdparty/CMakeLists.txt 703808d063e4bba58f647b5d48b78724003bcc4e
> 3rdparty/Makefile.am e625e7be1743348d02c6dbb8e0a92d1a395b0ef4
> 3rdparty/cmake/Versions.cmake 69fc594ec5ba2887b20b88ec0767a5d801411411
> 3rdparty/versions.am 99ef92087f6958d83ba415e84db5cbbb0c597573
> cmake/CompilationConfigure.cmake 2485a8a580dcc2ad9b026e389b6525ef3a19f98e
> configure.ac 6778f119570def1838e26cddf7b0192bfe6e37d4
> src/CMakeLists.txt bde070445b644e15d46c390d1c983caabaa1fec8
> src/Makefile.am 7a4904a3d67479267087fd2313a263d8218843fa
> src/python/native_common/ext_modules.py.in 1f2e6c131d18e3e2fbc2e865c4698c83e73b87ba
>
>
> Diff: https://reviews.apache.org/r/68016/diff/10/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Andrei Budnik
>
>
Re: Review Request 68016: Added libseccomp to the build.
Posted by Gilbert Song <so...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68016/#review211258
-----------------------------------------------------------
configure.ac
Lines 352 (patched)
<https://reviews.apache.org/r/68016/#comment296192>
Do we have a plan to deprecate this configuraton flag in the future? E.g., always only compile the seccomp library on linux.
- Gilbert Song
On Nov. 8, 2018, 7:23 a.m., Andrei Budnik wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68016/
> -----------------------------------------------------------
>
> (Updated Nov. 8, 2018, 7:23 a.m.)
>
>
> Review request for mesos, Andrew Schwartzmeyer, Gilbert Song, Jie Yu, James Peach, and Qian Zhang.
>
>
> Bugs: MESOS-9032
> https://issues.apache.org/jira/browse/MESOS-9032
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This library is needed to implement Seccomp syscall filtering in the
> Mesos containerizer. This patch introduces `seccomp-isolator` build
> flag, which is used to include or exclude sources related to Seccomp
> from the build. Since Seccomp is a Linux-specific feature, the flag
> is disabled by default. Enabling `seccomp-isolator` means either:
>
> 1. Compiling and linking against the bundled version of libseccomp from
> sources (default).
>
> 2. Linking against the libseccomp installed in the OS,
> if `--with-libseccomp` build flag is provided.
>
>
> Diffs
> -----
>
> 3rdparty/CMakeLists.txt fb80b39d1717948e87256272bc5989f73d4f5995
> 3rdparty/Makefile.am e625e7be1743348d02c6dbb8e0a92d1a395b0ef4
> 3rdparty/cmake/Versions.cmake 69fc594ec5ba2887b20b88ec0767a5d801411411
> 3rdparty/versions.am 99ef92087f6958d83ba415e84db5cbbb0c597573
> cmake/CompilationConfigure.cmake 2130c9b70eae62948d469b37692ff4eea3a4baf2
> configure.ac c193adf93531170fb31a31c296e3d4ae1d0300b2
> src/CMakeLists.txt bde070445b644e15d46c390d1c983caabaa1fec8
> src/Makefile.am 8da1a05b618f17542fec9b5057484a9bae57658a
> src/python/native_common/ext_modules.py.in 1f2e6c131d18e3e2fbc2e865c4698c83e73b87ba
>
>
> Diff: https://reviews.apache.org/r/68016/diff/9/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Andrei Budnik
>
>
Re: Review Request 68016: Added libseccomp to the build.
Posted by Qian Zhang <zh...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68016/#review211773
-----------------------------------------------------------
src/CMakeLists.txt
Lines 55 (patched)
<https://reviews.apache.org/r/68016/#comment297381>
I think this should be part of the next patch (https://reviews.apache.org/r/68017) since the seccomp proto is introduced in that patch.
Ditto for the similar changes in `src/Makefile.am`.
src/Makefile.am
Lines 312 (patched)
<https://reviews.apache.org/r/68016/#comment297382>
Ditto.
- Qian Zhang
On Nov. 8, 2018, 11:23 p.m., Andrei Budnik wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68016/
> -----------------------------------------------------------
>
> (Updated Nov. 8, 2018, 11:23 p.m.)
>
>
> Review request for mesos, Andrew Schwartzmeyer, Gilbert Song, Jie Yu, James Peach, and Qian Zhang.
>
>
> Bugs: MESOS-9032
> https://issues.apache.org/jira/browse/MESOS-9032
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This library is needed to implement Seccomp syscall filtering in the
> Mesos containerizer. This patch introduces `seccomp-isolator` build
> flag, which is used to include or exclude sources related to Seccomp
> from the build. Since Seccomp is a Linux-specific feature, the flag
> is disabled by default. Enabling `seccomp-isolator` means either:
>
> 1. Compiling and linking against the bundled version of libseccomp from
> sources (default).
>
> 2. Linking against the libseccomp installed in the OS,
> if `--with-libseccomp` build flag is provided.
>
>
> Diffs
> -----
>
> 3rdparty/CMakeLists.txt 703808d063e4bba58f647b5d48b78724003bcc4e
> 3rdparty/Makefile.am a14216cf98f6638da06aa3dfc49e6b319fea7f87
> 3rdparty/cmake/FindLIBSECCOMP.cmake PRE-CREATION
> 3rdparty/cmake/Versions.cmake 69fc594ec5ba2887b20b88ec0767a5d801411411
> 3rdparty/versions.am 99ef92087f6958d83ba415e84db5cbbb0c597573
> cmake/CompilationConfigure.cmake 2485a8a580dcc2ad9b026e389b6525ef3a19f98e
> configure.ac 6778f119570def1838e26cddf7b0192bfe6e37d4
> src/CMakeLists.txt bde070445b644e15d46c390d1c983caabaa1fec8
> src/Makefile.am 7a4904a3d67479267087fd2313a263d8218843fa
> src/python/native_common/ext_modules.py.in 1f2e6c131d18e3e2fbc2e865c4698c83e73b87ba
>
>
> Diff: https://reviews.apache.org/r/68016/diff/14/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Andrei Budnik
>
>
Re: Review Request 68016: Added libseccomp to the build.
Posted by Andrei Budnik <ab...@mesosphere.com>.
> On Dec. 25, 2018, 8:34 a.m., Qian Zhang wrote:
> > cmake/CompilationConfigure.cmake
> > Lines 449-452 (original), 449-452 (patched)
> > <https://reviews.apache.org/r/68016/diff/10-12/?file=2114531#file2114531line449>
> >
> > Do we need to check the required headers/libs (like below) after this?
> > ```
> > if (ENABLE_SECCOMP_ISOLATOR)
> > # Check for required headers and libraries.
> >
> > message(FATAL_ERROR
> > "The seccomp isolator is not yet supported, see MESOS-9029.")
> > endif ()
> > ```
We check for headers/libs in `3rdpart/CMakeLists.txt` using `find_package(LIBSECCOMP REQUIRED)`, so we don't need to check it here.
- Andrei
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68016/#review211531
-----------------------------------------------------------
On Nov. 8, 2018, 3:23 p.m., Andrei Budnik wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68016/
> -----------------------------------------------------------
>
> (Updated Nov. 8, 2018, 3:23 p.m.)
>
>
> Review request for mesos, Andrew Schwartzmeyer, Gilbert Song, Jie Yu, James Peach, and Qian Zhang.
>
>
> Bugs: MESOS-9032
> https://issues.apache.org/jira/browse/MESOS-9032
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This library is needed to implement Seccomp syscall filtering in the
> Mesos containerizer. This patch introduces `seccomp-isolator` build
> flag, which is used to include or exclude sources related to Seccomp
> from the build. Since Seccomp is a Linux-specific feature, the flag
> is disabled by default. Enabling `seccomp-isolator` means either:
>
> 1. Compiling and linking against the bundled version of libseccomp from
> sources (default).
>
> 2. Linking against the libseccomp installed in the OS,
> if `--with-libseccomp` build flag is provided.
>
>
> Diffs
> -----
>
> 3rdparty/CMakeLists.txt 703808d063e4bba58f647b5d48b78724003bcc4e
> 3rdparty/Makefile.am a14216cf98f6638da06aa3dfc49e6b319fea7f87
> 3rdparty/cmake/FindLIBSECCOMP.cmake PRE-CREATION
> 3rdparty/cmake/Versions.cmake 69fc594ec5ba2887b20b88ec0767a5d801411411
> 3rdparty/versions.am 99ef92087f6958d83ba415e84db5cbbb0c597573
> cmake/CompilationConfigure.cmake 2485a8a580dcc2ad9b026e389b6525ef3a19f98e
> configure.ac 6778f119570def1838e26cddf7b0192bfe6e37d4
> src/CMakeLists.txt bde070445b644e15d46c390d1c983caabaa1fec8
> src/Makefile.am 7a4904a3d67479267087fd2313a263d8218843fa
> src/python/native_common/ext_modules.py.in 1f2e6c131d18e3e2fbc2e865c4698c83e73b87ba
>
>
> Diff: https://reviews.apache.org/r/68016/diff/13/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Andrei Budnik
>
>
Re: Review Request 68016: Added libseccomp to the build.
Posted by Qian Zhang <zh...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68016/#review211531
-----------------------------------------------------------
cmake/CompilationConfigure.cmake
Lines 449-452 (original), 449-452 (patched)
<https://reviews.apache.org/r/68016/#comment296835>
Do we need to check the required headers/libs (like below) after this?
```
if (ENABLE_SECCOMP_ISOLATOR)
# Check for required headers and libraries.
message(FATAL_ERROR
"The seccomp isolator is not yet supported, see MESOS-9029.")
endif ()
```
cmake/CompilationConfigure.cmake
Lines 454-463 (patched)
<https://reviews.apache.org/r/68016/#comment296836>
Should we put this under `if (ENABLE_SECCOMP_ISOLATOR) ... endif()` since I think we only need to do this when seccomp isolator is enabled? And do we need to move this to line 70 `# 3RDPARTY OPTIONS.`?
- Qian Zhang
On Nov. 8, 2018, 11:23 p.m., Andrei Budnik wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68016/
> -----------------------------------------------------------
>
> (Updated Nov. 8, 2018, 11:23 p.m.)
>
>
> Review request for mesos, Andrew Schwartzmeyer, Gilbert Song, Jie Yu, James Peach, and Qian Zhang.
>
>
> Bugs: MESOS-9032
> https://issues.apache.org/jira/browse/MESOS-9032
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This library is needed to implement Seccomp syscall filtering in the
> Mesos containerizer. This patch introduces `seccomp-isolator` build
> flag, which is used to include or exclude sources related to Seccomp
> from the build. Since Seccomp is a Linux-specific feature, the flag
> is disabled by default. Enabling `seccomp-isolator` means either:
>
> 1. Compiling and linking against the bundled version of libseccomp from
> sources (default).
>
> 2. Linking against the libseccomp installed in the OS,
> if `--with-libseccomp` build flag is provided.
>
>
> Diffs
> -----
>
> 3rdparty/CMakeLists.txt 703808d063e4bba58f647b5d48b78724003bcc4e
> 3rdparty/Makefile.am a14216cf98f6638da06aa3dfc49e6b319fea7f87
> 3rdparty/cmake/FindLIBSECCOMP.cmake PRE-CREATION
> 3rdparty/cmake/Versions.cmake 69fc594ec5ba2887b20b88ec0767a5d801411411
> 3rdparty/versions.am 99ef92087f6958d83ba415e84db5cbbb0c597573
> cmake/CompilationConfigure.cmake 2485a8a580dcc2ad9b026e389b6525ef3a19f98e
> configure.ac 6778f119570def1838e26cddf7b0192bfe6e37d4
> src/CMakeLists.txt bde070445b644e15d46c390d1c983caabaa1fec8
> src/Makefile.am 7a4904a3d67479267087fd2313a263d8218843fa
> src/python/native_common/ext_modules.py.in 1f2e6c131d18e3e2fbc2e865c4698c83e73b87ba
>
>
> Diff: https://reviews.apache.org/r/68016/diff/12/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Andrei Budnik
>
>
Re: Review Request 68016: Added libseccomp to the build.
Posted by Gilbert Song <so...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68016/#review212028
-----------------------------------------------------------
Ship it!
Ship It!
- Gilbert Song
On Nov. 8, 2018, 7:23 a.m., Andrei Budnik wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68016/
> -----------------------------------------------------------
>
> (Updated Nov. 8, 2018, 7:23 a.m.)
>
>
> Review request for mesos, Andrew Schwartzmeyer, Gilbert Song, Jie Yu, James Peach, and Qian Zhang.
>
>
> Bugs: MESOS-9032
> https://issues.apache.org/jira/browse/MESOS-9032
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This library is needed to implement Seccomp syscall filtering in the
> Mesos containerizer. This patch introduces `seccomp-isolator` build
> flag, which is used to include or exclude sources related to Seccomp
> from the build. Since Seccomp is a Linux-specific feature, the flag
> is disabled by default. Enabling `seccomp-isolator` means either:
>
> 1. Compiling and linking against the bundled version of libseccomp from
> sources (default).
>
> 2. Linking against the libseccomp installed in the OS,
> if `--with-libseccomp` build flag is provided.
>
>
> Diffs
> -----
>
> 3rdparty/CMakeLists.txt 703808d063e4bba58f647b5d48b78724003bcc4e
> 3rdparty/Makefile.am 99270f048573900cf41d0c62cfe3488b83d71820
> 3rdparty/cmake/FindLIBSECCOMP.cmake PRE-CREATION
> 3rdparty/cmake/Versions.cmake 69fc594ec5ba2887b20b88ec0767a5d801411411
> 3rdparty/versions.am 99ef92087f6958d83ba415e84db5cbbb0c597573
> cmake/CompilationConfigure.cmake 2485a8a580dcc2ad9b026e389b6525ef3a19f98e
> configure.ac 6778f119570def1838e26cddf7b0192bfe6e37d4
> src/CMakeLists.txt a574d449dc26b820cbef7ff0b5e94b42b6fe86cf
> src/Makefile.am 188a47017221a931d8b965a4af5e033b77e6ce4e
> src/python/native_common/ext_modules.py.in 1f2e6c131d18e3e2fbc2e865c4698c83e73b87ba
>
>
> Diff: https://reviews.apache.org/r/68016/diff/15/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Andrei Budnik
>
>
Re: Review Request 68016: Added libseccomp to the build.
Posted by Qian Zhang <zh...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68016/#review211945
-----------------------------------------------------------
Ship it!
Ship It!
- Qian Zhang
On Nov. 8, 2018, 11:23 p.m., Andrei Budnik wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68016/
> -----------------------------------------------------------
>
> (Updated Nov. 8, 2018, 11:23 p.m.)
>
>
> Review request for mesos, Andrew Schwartzmeyer, Gilbert Song, Jie Yu, James Peach, and Qian Zhang.
>
>
> Bugs: MESOS-9032
> https://issues.apache.org/jira/browse/MESOS-9032
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This library is needed to implement Seccomp syscall filtering in the
> Mesos containerizer. This patch introduces `seccomp-isolator` build
> flag, which is used to include or exclude sources related to Seccomp
> from the build. Since Seccomp is a Linux-specific feature, the flag
> is disabled by default. Enabling `seccomp-isolator` means either:
>
> 1. Compiling and linking against the bundled version of libseccomp from
> sources (default).
>
> 2. Linking against the libseccomp installed in the OS,
> if `--with-libseccomp` build flag is provided.
>
>
> Diffs
> -----
>
> 3rdparty/CMakeLists.txt 703808d063e4bba58f647b5d48b78724003bcc4e
> 3rdparty/Makefile.am 99270f048573900cf41d0c62cfe3488b83d71820
> 3rdparty/cmake/FindLIBSECCOMP.cmake PRE-CREATION
> 3rdparty/cmake/Versions.cmake 69fc594ec5ba2887b20b88ec0767a5d801411411
> 3rdparty/versions.am 99ef92087f6958d83ba415e84db5cbbb0c597573
> cmake/CompilationConfigure.cmake 2485a8a580dcc2ad9b026e389b6525ef3a19f98e
> configure.ac 6778f119570def1838e26cddf7b0192bfe6e37d4
> src/CMakeLists.txt a574d449dc26b820cbef7ff0b5e94b42b6fe86cf
> src/Makefile.am 188a47017221a931d8b965a4af5e033b77e6ce4e
> src/python/native_common/ext_modules.py.in 1f2e6c131d18e3e2fbc2e865c4698c83e73b87ba
>
>
> Diff: https://reviews.apache.org/r/68016/diff/15/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Andrei Budnik
>
>
Re: Review Request 68016: Added libseccomp to the build.
Posted by Qian Zhang <zh...@gmail.com>.
> On Dec. 20, 2018, 5:39 p.m., Qian Zhang wrote:
> > configure.ac
> > Lines 1607-1608 (patched)
> > <https://reviews.apache.org/r/68016/diff/10/?file=2114532#file2114532line1607>
> >
> > What is the difference between `use a preinstalled libseccomp` and `ignore all bundled libraries`? Aren't they same?
>
> Andrei Budnik wrote:
> It's a copypaste...
> Updated the comment (`preinstalled` -> `pre-bundled`) and then moved it to the next `if` condition.
I think `bundled` rather than `pre-bundled` is good enough, otherwise people may be confused about the difference between `bundled` and `pre-bundled`.
- Qian
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68016/#review211456
-----------------------------------------------------------
On Nov. 8, 2018, 11:23 p.m., Andrei Budnik wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68016/
> -----------------------------------------------------------
>
> (Updated Nov. 8, 2018, 11:23 p.m.)
>
>
> Review request for mesos, Andrew Schwartzmeyer, Gilbert Song, Jie Yu, James Peach, and Qian Zhang.
>
>
> Bugs: MESOS-9032
> https://issues.apache.org/jira/browse/MESOS-9032
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This library is needed to implement Seccomp syscall filtering in the
> Mesos containerizer. This patch introduces `seccomp-isolator` build
> flag, which is used to include or exclude sources related to Seccomp
> from the build. Since Seccomp is a Linux-specific feature, the flag
> is disabled by default. Enabling `seccomp-isolator` means either:
>
> 1. Compiling and linking against the bundled version of libseccomp from
> sources (default).
>
> 2. Linking against the libseccomp installed in the OS,
> if `--with-libseccomp` build flag is provided.
>
>
> Diffs
> -----
>
> 3rdparty/CMakeLists.txt 703808d063e4bba58f647b5d48b78724003bcc4e
> 3rdparty/Makefile.am e625e7be1743348d02c6dbb8e0a92d1a395b0ef4
> 3rdparty/cmake/Versions.cmake 69fc594ec5ba2887b20b88ec0767a5d801411411
> 3rdparty/versions.am 99ef92087f6958d83ba415e84db5cbbb0c597573
> cmake/CompilationConfigure.cmake 2485a8a580dcc2ad9b026e389b6525ef3a19f98e
> configure.ac 6778f119570def1838e26cddf7b0192bfe6e37d4
> src/CMakeLists.txt bde070445b644e15d46c390d1c983caabaa1fec8
> src/Makefile.am 7a4904a3d67479267087fd2313a263d8218843fa
> src/python/native_common/ext_modules.py.in 1f2e6c131d18e3e2fbc2e865c4698c83e73b87ba
>
>
> Diff: https://reviews.apache.org/r/68016/diff/11/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Andrei Budnik
>
>
Re: Review Request 68016: Added libseccomp to the build.
Posted by Andrei Budnik <ab...@mesosphere.com>.
> On Dec. 20, 2018, 9:39 a.m., Qian Zhang wrote:
> > 3rdparty/CMakeLists.txt
> > Lines 637 (patched)
> > <https://reviews.apache.org/r/68016/diff/10/?file=2114527#file2114527line637>
> >
> > Do we need to check if we are using bundled libseccomp or pre-installed?
> >
> > This `CMakeLists.txt` can be used to build on Windows as well, so do we need to do this on Linux only?
> Do we need to check if we are using bundled libseccomp or pre-installed?
I've just added support for unbundled `libseccomp`.
> This CMakeLists.txt can be used to build on Windows as well, so do we need to do this on Linux only?
It's Linux-only, because `ENABLE_SECCOMP_ISOLATOR` is defined within `if (LINUX) ... endif ()` section in `cmake/CompilationConfigure.cmake`.
> On Dec. 20, 2018, 9:39 a.m., Qian Zhang wrote:
> > configure.ac
> > Lines 1607-1608 (patched)
> > <https://reviews.apache.org/r/68016/diff/10/?file=2114532#file2114532line1607>
> >
> > What is the difference between `use a preinstalled libseccomp` and `ignore all bundled libraries`? Aren't they same?
>
> Andrei Budnik wrote:
> It's a copypaste...
> Updated the comment (`preinstalled` -> `pre-bundled`) and then moved it to the next `if` condition.
>
> Qian Zhang wrote:
> I think `bundled` rather than `pre-bundled` is good enough, otherwise people may be confused about the difference between `bundled` and `pre-bundled`.
Fixed.
- Andrei
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68016/#review211456
-----------------------------------------------------------
On Nov. 8, 2018, 3:23 p.m., Andrei Budnik wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68016/
> -----------------------------------------------------------
>
> (Updated Nov. 8, 2018, 3:23 p.m.)
>
>
> Review request for mesos, Andrew Schwartzmeyer, Gilbert Song, Jie Yu, James Peach, and Qian Zhang.
>
>
> Bugs: MESOS-9032
> https://issues.apache.org/jira/browse/MESOS-9032
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This library is needed to implement Seccomp syscall filtering in the
> Mesos containerizer. This patch introduces `seccomp-isolator` build
> flag, which is used to include or exclude sources related to Seccomp
> from the build. Since Seccomp is a Linux-specific feature, the flag
> is disabled by default. Enabling `seccomp-isolator` means either:
>
> 1. Compiling and linking against the bundled version of libseccomp from
> sources (default).
>
> 2. Linking against the libseccomp installed in the OS,
> if `--with-libseccomp` build flag is provided.
>
>
> Diffs
> -----
>
> 3rdparty/CMakeLists.txt 703808d063e4bba58f647b5d48b78724003bcc4e
> 3rdparty/Makefile.am a14216cf98f6638da06aa3dfc49e6b319fea7f87
> 3rdparty/cmake/FindLIBSECCOMP.cmake PRE-CREATION
> 3rdparty/cmake/Versions.cmake 69fc594ec5ba2887b20b88ec0767a5d801411411
> 3rdparty/versions.am 99ef92087f6958d83ba415e84db5cbbb0c597573
> cmake/CompilationConfigure.cmake 2485a8a580dcc2ad9b026e389b6525ef3a19f98e
> configure.ac 6778f119570def1838e26cddf7b0192bfe6e37d4
> src/CMakeLists.txt bde070445b644e15d46c390d1c983caabaa1fec8
> src/Makefile.am 7a4904a3d67479267087fd2313a263d8218843fa
> src/python/native_common/ext_modules.py.in 1f2e6c131d18e3e2fbc2e865c4698c83e73b87ba
>
>
> Diff: https://reviews.apache.org/r/68016/diff/12/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Andrei Budnik
>
>
Re: Review Request 68016: Added libseccomp to the build.
Posted by Andrei Budnik <ab...@mesosphere.com>.
> On Dec. 20, 2018, 9:39 a.m., Qian Zhang wrote:
> > cmake/CompilationConfigure.cmake
> > Lines 569 (patched)
> > <https://reviews.apache.org/r/68016/diff/10/?file=2114531#file2114531line569>
> >
> > Just curious why we need add this definition? It seems we do not do this for other isolators, e.g., `ENABLE_NETWORK_PORTS_ISOLATOR`.
Removed this code and added an item to the `target_compile_definitions()`.
> On Dec. 20, 2018, 9:39 a.m., Qian Zhang wrote:
> > configure.ac
> > Lines 356 (patched)
> > <https://reviews.apache.org/r/68016/diff/10/?file=2114532#file2114532line356>
> >
> > Can you describe why this flag will be deprecated in the future here? E.g., we will deprecate it when we do not support the old kernel in future.
Updated the comment.
> On Dec. 20, 2018, 9:39 a.m., Qian Zhang wrote:
> > configure.ac
> > Lines 1599 (patched)
> > <https://reviews.apache.org/r/68016/diff/10/?file=2114532#file2114532line1599>
> >
> > So here we check the header regardless using bundled libseccomp or pre-installed libseccomp? I see you have another header check in line 1617 which I think should be the right place to check header (i.e., after `CPPFLAGS`&`LDFLAGS` are updated as per `with_libseccomp`).
`linux/seccomp.h` - system header which is always available on Linux 3.5+. This header is required in all cases.
`seccomp.h` - `libseccomp`'s header file, which we require *only* when we build *without* bundled `libseccomp`.
> On Dec. 20, 2018, 9:39 a.m., Qian Zhang wrote:
> > configure.ac
> > Lines 1607-1608 (patched)
> > <https://reviews.apache.org/r/68016/diff/10/?file=2114532#file2114532line1607>
> >
> > What is the difference between `use a preinstalled libseccomp` and `ignore all bundled libraries`? Aren't they same?
It's a copypaste...
Updated the comment (`preinstalled` -> `pre-bundled`) and then moved it to the next `if` condition.
> On Dec. 20, 2018, 9:39 a.m., Qian Zhang wrote:
> > configure.ac
> > Lines 1615 (patched)
> > <https://reviews.apache.org/r/68016/diff/10/?file=2114532#file2114532line1615>
> >
> > Do we also need to check `test "x$enable_bundled" != "xyes"`?
Fixed.
> On Dec. 20, 2018, 9:39 a.m., Qian Zhang wrote:
> > configure.ac
> > Lines 1617 (patched)
> > <https://reviews.apache.org/r/68016/diff/10/?file=2114532#file2114532line1617>
> >
> > I see in line 1599 you check the header `linux/seccomp.h`, so what's difference between `linux/seccomp.h` and `seccomp.h`?
See my previous comment.
- Andrei
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68016/#review211456
-----------------------------------------------------------
On Nov. 8, 2018, 3:23 p.m., Andrei Budnik wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68016/
> -----------------------------------------------------------
>
> (Updated Nov. 8, 2018, 3:23 p.m.)
>
>
> Review request for mesos, Andrew Schwartzmeyer, Gilbert Song, Jie Yu, James Peach, and Qian Zhang.
>
>
> Bugs: MESOS-9032
> https://issues.apache.org/jira/browse/MESOS-9032
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This library is needed to implement Seccomp syscall filtering in the
> Mesos containerizer. This patch introduces `seccomp-isolator` build
> flag, which is used to include or exclude sources related to Seccomp
> from the build. Since Seccomp is a Linux-specific feature, the flag
> is disabled by default. Enabling `seccomp-isolator` means either:
>
> 1. Compiling and linking against the bundled version of libseccomp from
> sources (default).
>
> 2. Linking against the libseccomp installed in the OS,
> if `--with-libseccomp` build flag is provided.
>
>
> Diffs
> -----
>
> 3rdparty/CMakeLists.txt 703808d063e4bba58f647b5d48b78724003bcc4e
> 3rdparty/Makefile.am e625e7be1743348d02c6dbb8e0a92d1a395b0ef4
> 3rdparty/cmake/Versions.cmake 69fc594ec5ba2887b20b88ec0767a5d801411411
> 3rdparty/versions.am 99ef92087f6958d83ba415e84db5cbbb0c597573
> cmake/CompilationConfigure.cmake 2485a8a580dcc2ad9b026e389b6525ef3a19f98e
> configure.ac 6778f119570def1838e26cddf7b0192bfe6e37d4
> src/CMakeLists.txt bde070445b644e15d46c390d1c983caabaa1fec8
> src/Makefile.am 7a4904a3d67479267087fd2313a263d8218843fa
> src/python/native_common/ext_modules.py.in 1f2e6c131d18e3e2fbc2e865c4698c83e73b87ba
>
>
> Diff: https://reviews.apache.org/r/68016/diff/11/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Andrei Budnik
>
>
Re: Review Request 68016: Added libseccomp to the build.
Posted by Qian Zhang <zh...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68016/#review211456
-----------------------------------------------------------
3rdparty/CMakeLists.txt
Lines 637 (patched)
<https://reviews.apache.org/r/68016/#comment296600>
Do we need to check if we are using bundled libseccomp or pre-installed?
This `CMakeLists.txt` can be used to build on Windows as well, so do we need to do this on Linux only?
cmake/CompilationConfigure.cmake
Lines 569 (patched)
<https://reviews.apache.org/r/68016/#comment296602>
Just curious why we need add this definition? It seems we do not do this for other isolators, e.g., `ENABLE_NETWORK_PORTS_ISOLATOR`.
configure.ac
Lines 356 (patched)
<https://reviews.apache.org/r/68016/#comment296593>
Can you describe why this flag will be deprecated in the future here? E.g., we will deprecate it when we do not support the old kernel in future.
configure.ac
Lines 1599 (patched)
<https://reviews.apache.org/r/68016/#comment296599>
So here we check the header regardless using bundled libseccomp or pre-installed libseccomp? I see you have another header check in line 1617 which I think should be the right place to check header (i.e., after `CPPFLAGS`&`LDFLAGS` are updated as per `with_libseccomp`).
configure.ac
Lines 1607-1608 (patched)
<https://reviews.apache.org/r/68016/#comment296596>
What is the difference between `use a preinstalled libseccomp` and `ignore all bundled libraries`? Aren't they same?
configure.ac
Lines 1615 (patched)
<https://reviews.apache.org/r/68016/#comment296597>
Do we also need to check `test "x$enable_bundled" != "xyes"`?
configure.ac
Lines 1617 (patched)
<https://reviews.apache.org/r/68016/#comment296598>
I see in line 1599 you check the header `linux/seccomp.h`, so what's difference between `linux/seccomp.h` and `seccomp.h`?
- Qian Zhang
On Nov. 8, 2018, 11:23 p.m., Andrei Budnik wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68016/
> -----------------------------------------------------------
>
> (Updated Nov. 8, 2018, 11:23 p.m.)
>
>
> Review request for mesos, Andrew Schwartzmeyer, Gilbert Song, Jie Yu, James Peach, and Qian Zhang.
>
>
> Bugs: MESOS-9032
> https://issues.apache.org/jira/browse/MESOS-9032
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This library is needed to implement Seccomp syscall filtering in the
> Mesos containerizer. This patch introduces `seccomp-isolator` build
> flag, which is used to include or exclude sources related to Seccomp
> from the build. Since Seccomp is a Linux-specific feature, the flag
> is disabled by default. Enabling `seccomp-isolator` means either:
>
> 1. Compiling and linking against the bundled version of libseccomp from
> sources (default).
>
> 2. Linking against the libseccomp installed in the OS,
> if `--with-libseccomp` build flag is provided.
>
>
> Diffs
> -----
>
> 3rdparty/CMakeLists.txt 703808d063e4bba58f647b5d48b78724003bcc4e
> 3rdparty/Makefile.am e625e7be1743348d02c6dbb8e0a92d1a395b0ef4
> 3rdparty/cmake/Versions.cmake 69fc594ec5ba2887b20b88ec0767a5d801411411
> 3rdparty/versions.am 99ef92087f6958d83ba415e84db5cbbb0c597573
> cmake/CompilationConfigure.cmake 2485a8a580dcc2ad9b026e389b6525ef3a19f98e
> configure.ac 6778f119570def1838e26cddf7b0192bfe6e37d4
> src/CMakeLists.txt bde070445b644e15d46c390d1c983caabaa1fec8
> src/Makefile.am 7a4904a3d67479267087fd2313a263d8218843fa
> src/python/native_common/ext_modules.py.in 1f2e6c131d18e3e2fbc2e865c4698c83e73b87ba
>
>
> Diff: https://reviews.apache.org/r/68016/diff/10/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Andrei Budnik
>
>
Re: Review Request 68016: Added libseccomp to the build.
Posted by Gilbert Song <so...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68016/#review212368
-----------------------------------------------------------
Ship it!
Ship It!
- Gilbert Song
On Nov. 8, 2018, 7:23 a.m., Andrei Budnik wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68016/
> -----------------------------------------------------------
>
> (Updated Nov. 8, 2018, 7:23 a.m.)
>
>
> Review request for mesos, Andrew Schwartzmeyer, Gilbert Song, Jie Yu, James Peach, and Qian Zhang.
>
>
> Bugs: MESOS-9032
> https://issues.apache.org/jira/browse/MESOS-9032
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This library is needed to implement Seccomp syscall filtering in the
> Mesos containerizer. This patch introduces `seccomp-isolator` build
> flag, which is used to include or exclude sources related to Seccomp
> from the build. Since Seccomp is a Linux-specific feature, the flag
> is disabled by default. Enabling `seccomp-isolator` means either:
>
> 1. Compiling and linking against the bundled version of libseccomp from
> sources (default).
>
> 2. Linking against the libseccomp installed in the OS,
> if `--with-libseccomp` build flag is provided.
>
>
> Diffs
> -----
>
> 3rdparty/CMakeLists.txt b74772e7e9c309acdb5b1d70b4c093dbaf9b3c0e
> 3rdparty/Makefile.am 99270f048573900cf41d0c62cfe3488b83d71820
> 3rdparty/cmake/FindLIBSECCOMP.cmake PRE-CREATION
> 3rdparty/cmake/Versions.cmake 69fc594ec5ba2887b20b88ec0767a5d801411411
> 3rdparty/versions.am 99ef92087f6958d83ba415e84db5cbbb0c597573
> cmake/CompilationConfigure.cmake 2485a8a580dcc2ad9b026e389b6525ef3a19f98e
> configure.ac 6778f119570def1838e26cddf7b0192bfe6e37d4
> src/CMakeLists.txt a574d449dc26b820cbef7ff0b5e94b42b6fe86cf
> src/Makefile.am cd785255fcdf1302a8f9fa358039e5d1f200e132
> src/python/native_common/ext_modules.py.in 1f2e6c131d18e3e2fbc2e865c4698c83e73b87ba
>
>
> Diff: https://reviews.apache.org/r/68016/diff/16/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Andrei Budnik
>
>
Re: Review Request 68016: Added libseccomp to the build.
Posted by Andrei Budnik <ab...@mesosphere.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68016/
-----------------------------------------------------------
(Updated Nov. 8, 2018, 3:23 p.m.)
Review request for mesos, Andrew Schwartzmeyer, Gilbert Song, Jie Yu, James Peach, and Qian Zhang.
Bugs: MESOS-9032
https://issues.apache.org/jira/browse/MESOS-9032
Repository: mesos
Description
-------
This library is needed to implement Seccomp syscall filtering in the
Mesos containerizer. This patch introduces `seccomp-isolator` build
flag, which is used to include or exclude sources related to Seccomp
from the build. Since Seccomp is a Linux-specific feature, the flag
is disabled by default. Enabling `seccomp-isolator` means either:
1. Compiling and linking against the bundled version of libseccomp from
sources (default).
2. Linking against the libseccomp installed in the OS,
if `--with-libseccomp` build flag is provided.
Diffs (updated)
-----
3rdparty/CMakeLists.txt fb80b39d1717948e87256272bc5989f73d4f5995
3rdparty/Makefile.am e625e7be1743348d02c6dbb8e0a92d1a395b0ef4
3rdparty/cmake/Versions.cmake 69fc594ec5ba2887b20b88ec0767a5d801411411
3rdparty/versions.am 99ef92087f6958d83ba415e84db5cbbb0c597573
cmake/CompilationConfigure.cmake 2130c9b70eae62948d469b37692ff4eea3a4baf2
configure.ac 1caab4d0630821a937d92f3c788a01ae3b5dc228
src/CMakeLists.txt 732368293049b7d9d6f62057344d433637ad44e8
src/Makefile.am c17eae4ff1d019d515f67d81821e933ecb5dc190
Diff: https://reviews.apache.org/r/68016/diff/6/
Changes: https://reviews.apache.org/r/68016/diff/5-6/
Testing
-------
Thanks,
Andrei Budnik