[meta-virtualization] [PATCH 2/3] lxc: Add PACKAGECONFIG for seccomp
Purcareata Bogdan
b43198 at freescale.com
Wed Mar 11 01:14:11 PDT 2015
On 10.03.2015 19:08, Bruce Ashfield wrote:
> On Tue, Mar 10, 2015 at 8:11 AM, Bogdan Purcareata
> <bogdan.purcareata at freescale.com> wrote:
>> Determine whether libseccomp is installed in the Yocto image, and based on that,
>> compile the necessary support for LXC as well.
>>
>> Signed-off-by: Bogdan Purcareata <bogdan.purcareata at freescale.com>
>> ---
>> recipes-containers/lxc/lxc_1.0.7.bb | 2 ++
>> 1 file changed, 2 insertions(+)
>>
>> diff --git a/recipes-containers/lxc/lxc_1.0.7.bb b/recipes-containers/lxc/lxc_1.0.7.bb
>> index c618c84..4110ac5 100644
>> --- a/recipes-containers/lxc/lxc_1.0.7.bb
>> +++ b/recipes-containers/lxc/lxc_1.0.7.bb
>> @@ -43,12 +43,14 @@ EXTRA_OECONF += "--with-distro=${DISTRO} ${PTEST_CONF}"
>>
>> PACKAGECONFIG ??= "templates \
>> ${@base_contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)} \
>> + ${@base_contains('IMAGE_INSTALL', 'libseccomp', 'seccomp', '', d)} \
>
> This doesn't seem correct, or at least not in the spirit of other
> package config options
> and tests that I've used (and seen). But if you know of a reference
> that looks like this,
> point me in its direction and I'll have a look.
>
> Testing on distro features is one thing, as would be image features ..
> but IMAGE_INSTALL
> is not the same, and isn't always used.
>
> Part of the package config is to trigger both depends and rdepends on
> other packages
> when it is enabled. In this case, we are doing the opposite, using the
> dependency to
> trigger the package config.
>
> Either this test needs to be patched into the lxc configuration phase,
> so it can detect
> it at runtime, or just leave it at a package config option. Your
> layers can then enable
> that packageconfig and everything works as expected, and we don't
> force all users
> to enable this in lxc when they may not want it simply because
> libseccomp is present.
I understand, thank you for making it clear.
I don't have a strong argument for my patch, so I think the best option
for now would be to leave the PACKAGECONFIG option only, and let the
layers or image configuration file handle what's active at build time.
I will send a v2.
Best regards,
Bogdan P.
> Bruce
>
>> "
>> PACKAGECONFIG[doc] = "--enable-doc --enable-api-docs,--disable-doc --disable-api-docs,,"
>> PACKAGECONFIG[rpath] = "--enable-rpath,--disable-rpath,,"
>> PACKAGECONFIG[apparmour] = "--enable-apparmor,--disable-apparmor,apparmor,apparmor"
>> PACKAGECONFIG[templates] = ",,, ${PN}-templates"
>> PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux,libselinux"
>> +PACKAGECONFIG[seccomp] ="--enable-seccomp,--disable-seccomp,libseccomp,libseccomp"
>>
>> inherit autotools pkgconfig ptest update-rc.d systemd
>>
>> --
>> 2.1.4
>>
>> --
>> _______________________________________________
>> meta-virtualization mailing list
>> meta-virtualization at yoctoproject.org
>> https://lists.yoctoproject.org/listinfo/meta-virtualization
>
>
>
More information about the meta-virtualization
mailing list