[Buildroot] [PATCH 2/7] package/minijail: new package
Giulio Benetti
giulio.benetti at benettiengineering.com
Fri Dec 10 14:48:19 UTC 2021
Hi José,
On 10/12/21 15:12, José Pekkarinen wrote:
> This patch adds a new package for minijail.
Reword "This patch add package minijail"
> Signed-off-by: José Pekkarinen <jose.pekkarinen at unikie.com>
> ---
> DEVELOPERS | 1 +
> package/Config.in | 1 +
> package/minijail/0001-Fix-prlimit-call.patch | 29 ++++++++++++++++++
> package/minijail/0002-Fix-static-assert.patch | 30 +++++++++++++++++++
> package/minijail/Config.in | 12 ++++++++
> package/minijail/minijail.hash | 5 ++++
> package/minijail/minijail.mk | 28 +++++++++++++++++
> 7 files changed, 106 insertions(+)
> create mode 100644 package/minijail/0001-Fix-prlimit-call.patch
> create mode 100644 package/minijail/0002-Fix-static-assert.patch
> create mode 100644 package/minijail/Config.in
> create mode 100644 package/minijail/minijail.hash
> create mode 100644 package/minijail/minijail.mk
>
> diff --git a/DEVELOPERS b/DEVELOPERS
> index 854f6f2084..65448a74c8 100644
> --- a/DEVELOPERS
> +++ b/DEVELOPERS
> @@ -1464,6 +1464,7 @@ F: package/zfs/
> F: support/testing/tests/package/test_zfs.py
>
> N: José Pekkarinen <jose.pekkarinen at unikie.com>
> +F: package/minijail/
> F: package/opensc/
> F: package/softhsm2/
>
> diff --git a/package/Config.in b/package/Config.in
> index b5907d7fa3..aac8172fc4 100644
> --- a/package/Config.in
> +++ b/package/Config.in
> @@ -2516,6 +2516,7 @@ menu "System tools"
> source "package/mender/Config.in"
> source "package/mender-grubenv/Config.in"
> source "package/mfoc/Config.in"
> + source "package/minijail/Config.in"
> source "package/monit/Config.in"
> source "package/multipath-tools/Config.in"
> source "package/ncdu/Config.in"
> diff --git a/package/minijail/0001-Fix-prlimit-call.patch b/package/minijail/0001-Fix-prlimit-call.patch
> new file mode 100644
> index 0000000000..9f6902ed43
> --- /dev/null
> +++ b/package/minijail/0001-Fix-prlimit-call.patch
> @@ -0,0 +1,29 @@
> +From 09348f06104bf8101a24a0bce235a75a214e1380 Mon Sep 17 00:00:00 2001
> +From: =?UTF-8?q?Jos=C3=A9=20Pekkarinen?= <jose.pekkarinen at unikie.com>
> +Date: Fri, 10 Dec 2021 14:20:30 +0200
> +Subject: [PATCH] Fix prlimit call
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
Add a commit log
> +Signed-off-by: José Pekkarinen <jose.pekkarinen at unikie.com>
> +---
> + libminijail.c | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/libminijail.c b/libminijail.c
> +index b935dfd..45f133e 100644
> +--- a/libminijail.c
> ++++ b/libminijail.c
> +@@ -1908,7 +1908,7 @@ static void set_rlimits_or_die(const struct minijail *j)
> + struct rlimit limit;
> + limit.rlim_cur = j->rlimits[i].cur;
> + limit.rlim_max = j->rlimits[i].max;
> +- if (prlimit(j->initpid, j->rlimits[i].type, &limit, NULL))
> ++ if (setrlimit(j->rlimits[i].type, &limit))
> + kill_child_and_die(j, "failed to set rlimit");
> + }
> + }
> +--
> +2.30.2
> +
> diff --git a/package/minijail/0002-Fix-static-assert.patch b/package/minijail/0002-Fix-static-assert.patch
> new file mode 100644
> index 0000000000..48139e8baa
> --- /dev/null
> +++ b/package/minijail/0002-Fix-static-assert.patch
> @@ -0,0 +1,30 @@
> +From b5d91b793942747e5126e75abca2eebad60ab478 Mon Sep 17 00:00:00 2001
> +From: =?UTF-8?q?Jos=C3=A9=20Pekkarinen?= <jose.pekkarinen at unikie.com>
> +Date: Fri, 10 Dec 2021 14:21:38 +0200
> +Subject: [PATCH] Fix static assert
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
Ditto
> +Signed-off-by: José Pekkarinen <jose.pekkarinen at unikie.com>
> +---
> + libminijail.c | 3 ---
> + 1 file changed, 3 deletions(-)
> +
> +diff --git a/libminijail.c b/libminijail.c
> +index 45f133e..8323742 100644
> +--- a/libminijail.c
> ++++ b/libminijail.c
> +@@ -2620,9 +2620,6 @@ static int fd_is_open(int fd)
> + return fcntl(fd, F_GETFD) != -1 || errno != EBADF;
> + }
> +
> +-static_assert(FD_SETSIZE >= MAX_PRESERVED_FDS * 2 - 1,
> +- "If true, ensure_no_fd_conflict will always find an unused fd.");
> +-
> + /* If parent_fd will be used by a child fd, move it to an unused fd. */
> + static int ensure_no_fd_conflict(const fd_set *child_fds,
> + int child_fd, int *parent_fd)
> +--
> +2.30.2
> +
> diff --git a/package/minijail/Config.in b/package/minijail/Config.in
> new file mode 100644
> index 0000000000..02868ef09c
> --- /dev/null
> +++ b/package/minijail/Config.in
> @@ -0,0 +1,12 @@
> +config BR2_PACKAGE_MINIJAIL
> + bool "minijail"
> + depends on !BR2_STATIC_LIBS # dlopen()
> + select BR2_PACKAGE_HOST_LIBCAP
> + select BR2_PACKAGE_LIBCAP
> + help
> + Minijail is a sandboxing tool maintained by google.
> +
> + https://google.github.io/minijail/
> +
> +comment "minijail needs a toolchain with dynamic library support"
> + depends on BR2_STATIC_LIBS
> diff --git a/package/minijail/minijail.hash b/package/minijail/minijail.hash
> new file mode 100644
> index 0000000000..227a77fcf5
> --- /dev/null
> +++ b/package/minijail/minijail.hash
> @@ -0,0 +1,5 @@
> +# From https://github.com/google/minijail/releases/
Point the sha256 file
> +sha256 1ee5a5916491a32c121c7422b4d8c16481c0396a3acab34bf1c44589dcf810ae linux-v17.tar.gz
> +
> +# Locally computed
> +sha256 c6f439c5cf07263f71f01d29b79c79172ee529088e51ab434b22baad0988fe57 LICENSE
> diff --git a/package/minijail/minijail.mk b/package/minijail/minijail.mk
> new file mode 100644
> index 0000000000..bc72421b0c
> --- /dev/null
> +++ b/package/minijail/minijail.mk
> @@ -0,0 +1,28 @@
> +################################################################################
> +#
> +# minijail
> +#
> +################################################################################
> +
> +MINIJAIL_VERSION = linux-v17
> +MINIJAIL_SOURCE = $(MINIJAIL_VERSION).tar.gz
> +MINIJAIL_SITE = "https://github.com/google/minijail/archive/refs/tags"
Please use github wrapper ^^^
> +MINIJAIL_LICENSE = BSD-Style
> +MINIJAIL_LICENSE_FILES = LICENSE
> +MINIJAIL_DEPENDENCIES=libcap host-libcap
> +
> +define MINIJAIL_BUILD_CMDS
> + (cd $(@D); \
> + $(TARGET_MAKE_ENV) $(MAKE) -C $(@D)/$(d) CC="$(TARGET_CC)")
> +endef
> +
> +define MINIJAIL_INSTALL_TARGET_CMDS
> + $(INSTALL) -m 0755 -D $(@D)/minijail0 \
> + $(TARGET_DIR)/usr/bin/minijail0
> + $(INSTALL) -m 0755 -D $(@D)/libminijailpreload.so \
> + $(TARGET_DIR)/lib/libminijailpreload.so
> + $(INSTALL) -m 0755 -D $(@D)/libminijail.so \
> + $(TARGET_DIR)/lib/libminijail.so
> +endef
> +
> +$(eval $(generic-package))
>
Best regards
--
Giulio Benetti
Benetti Engineering sas
More information about the buildroot
mailing list