minijail: new package

Waldemar Brodkorb 2 years ago
parent
commit
d6e71e1416

+ 38 - 0
package/minijail/Makefile

@@ -0,0 +1,38 @@
+# This file is part of the OpenADK project. OpenADK is copyrighted
+# material, please see the LICENCE file in the top-level directory.
+
+include $(ADK_TOPDIR)/rules.mk
+
+PKG_NAME:=		minijail
+PKG_VERSION:=		v17
+PKG_RELEASE:=		1
+PKG_HASH:=		1ee5a5916491a32c121c7422b4d8c16481c0396a3acab34bf1c44589dcf810ae
+PKG_DESCR:=		sandboxing and containment tool
+PKG_SECTION:=		sys/misc
+PKG_DEPENDS:=		libcap
+PKG_BUILDDEP:=		libcap
+PKG_URL:=		https://google.github.io/minijail/
+PKG_SITES:=		https://github.com/google/minijail/archive/refs/tags/
+
+DISTFILES:=             linux-$(PKG_VERSION).tar.gz
+WRKDIST=		${WRKDIR}/${PKG_NAME}-linux-${PKG_VERSION}
+
+include $(ADK_TOPDIR)/mk/package.mk
+
+$(eval $(call PKG_template,MINIJAIL,minijail,$(PKG_VERSION)-$(PKG_RELEASE),$(PKG_DEPENDS),$(PKG_DESCR),$(PKG_SECTION)))
+
+CONFIG_STYLE:=		manual
+INSTALL_STYLE:=		manual
+
+minijail-install:
+	$(INSTALL_DIR) $(IDIR_MINIJAIL)/lib
+	$(CP) $(WRKBUILD)/libminijailpreload.so \
+		$(IDIR_MINIJAIL)/lib
+	$(INSTALL_DIR) $(IDIR_MINIJAIL)/lib
+	$(CP) $(WRKBUILD)/libminijail.so \
+		$(IDIR_MINIJAIL)/lib
+	$(INSTALL_DIR) $(IDIR_MINIJAIL)/usr/bin
+	$(INSTALL_BIN) $(WRKBUILD)/minijail0 \
+		$(IDIR_MINIJAIL)/usr/bin
+
+include $(ADK_TOPDIR)/mk/pkg-bottom.mk
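Review bot: The `minijail-install` recipe creates `$(IDIR_MINIJAIL)/lib` twice; the second `$(INSTALL_DIR) $(IDIR_MINIJAIL)/lib` is redundant, and both libraries can go in one step: `$(CP) $(WRKBUILD)/libminijail.so $(WRKBUILD)/libminijailpreload.so $(IDIR_MINIJAIL)/lib`. The recipe also gives no reason for installing the libraries under `/lib` rather than `/usr/lib`. If `minijail0` locates `libminijailpreload.so` through a path fixed at build time (not visible on this page, so confirm against the upstream build), a one-line comment above the recipe should say that the install directory has to match it. A mismatch would surface only at run time on the target.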

+ 15 - 0
package/minijail/patches/patch-common_mk

@@ -0,0 +1,15 @@
+--- minijail-linux-v17.orig/common.mk	2021-08-11 08:01:06.000000000 +0200
++++ minijail-linux-v17/common.mk	2022-01-13 04:53:35.432449083 +0100
+@@ -306,12 +306,6 @@ check_libs_cxx = $(call check_compile,$(
+ check_cc = $(call check_compile_cc,'int main() { return 0; }',$(1),$(2))
+ check_cxx = $(call check_compile_cxx,'int main() { return 0; }',$(1),$(2))
+ 
+-# Choose the stack protector flags based on whats supported by the compiler.
+-SSP_CFLAGS := $(call check_cc,-fstack-protector-strong)
+-ifeq ($(SSP_CFLAGS),)
+- SSP_CFLAGS := $(call check_cc,-fstack-protector-all)
+-endif
+-
+ # To update these from an including Makefile:
+ #  CXXFLAGS += -mahflag  # Append to the list
+ #  CXXFLAGS := -mahflag $(CXXFLAGS) # Prepend to the list
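Review bot: Deleting the `SSP_CFLAGS` probe from `common.mk` leaves the variable undefined, so any later `$(SSP_CFLAGS)` in the upstream build expands to nothing. Unless the ADK toolchain flags add a stack protector themselves, `minijail0` and both libraries are then presumably built without one. For a sandboxing tool that usually starts with elevated privileges, that hardening is worth keeping, and the patch has no header line saying why the probe was removed (possibly `check_cc` misbehaving in the cross build). Rather than dropping the block, replace it with an overridable default, `SSP_CFLAGS ?= -fstack-protector-strong`, and have the package Makefile pass `SSP_CFLAGS=` only for toolchains that lack stack-protector support. Either way, state the reason at the top of the patch.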

+ 12 - 0
package/minijail/patches/patch-libminijail_c

@@ -0,0 +1,12 @@
+--- minijail-linux-v17.orig/libminijail.c	2021-08-11 08:01:06.000000000 +0200
++++ minijail-linux-v17/libminijail.c	2022-01-13 04:24:57.190934413 +0100
+@@ -2620,9 +2620,6 @@ static int fd_is_open(int fd)
+ 	return fcntl(fd, F_GETFD) != -1 || errno != EBADF;
+ }
+ 
+-static_assert(FD_SETSIZE >= MAX_PRESERVED_FDS * 2 - 1,
+-	      "If true, ensure_no_fd_conflict will always find an unused fd.");
+-
+ /* If parent_fd will be used by a child fd, move it to an unused fd. */
+ static int ensure_no_fd_conflict(const fd_set *child_fds,
+ 				 int child_fd, int *parent_fd)
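Review bot: Dropping the `static_assert` ahead of `ensure_no_fd_conflict` removes the compile-time guarantee, stated in its own message, that an unused fd can always be found. On a libc whose `FD_SETSIZE` is smaller than `MAX_PRESERVED_FDS * 2 - 1`, the build now succeeds silently. If the removal is only because the target libc's `<assert.h>` lacks the `static_assert` macro (an assumption, the patch does not say), the C11 keyword keeps the check without that header: `_Static_assert(FD_SETSIZE >= MAX_PRESERVED_FDS * 2 - 1, "If true, ensure_no_fd_conflict will always find an unused fd.");`. The body of `ensure_no_fd_conflict` lies outside the hunk, so how it behaves when no fd is free cannot be judged from here.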