From aa8af5bb174bd392249eb2d30f23ed04ebc8b158 Mon Sep 17 00:00:00 2001 From: Benjamin Barenblat Date: Tue, 3 Dec 2019 09:31:00 -0500 Subject: debian: Enable seccomp MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit 22a59d2d8b48cb2762362bd71e24293a53bca09a added basic seccomp support to zhm. Since zhm currently runs as root and handles network traffic, any sandboxing we can get is a good idea. Take a dependency on libseccomp-dev and enable seccomp support for zhm. This breaks building on kFreeBSD, but this package doesn’t currently build there anyway, so it’s not making things any worse. --- debian/control | 3 ++- debian/rules | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/debian/control b/debian/control index bf03797..d1df79d 100644 --- a/debian/control +++ b/debian/control @@ -6,7 +6,8 @@ Build-Depends: debhelper (>= 5), libc-ares-dev, libkrb5-dev (>= 1.2.2-4), comerr-dev, ss-dev, libreadline-dev | libreadline5-dev, libx11-dev, libxt-dev, x11proto-core-dev, libncurses5-dev, bison, libhesiod-dev, autotools-dev, python (>= 2.5), python-central, - autoconf, libtool, automake, git-core | git, devscripts + autoconf, libtool, automake, git-core | git, devscripts, + libseccomp-dev Build-Conflicts: autoconf2.13 Standards-Version: 3.9.2.0 Homepage: http://zephyr.1ts.org/ diff --git a/debian/rules b/debian/rules index 8f575bb..daed056 100755 --- a/debian/rules +++ b/debian/rules @@ -17,7 +17,8 @@ PACKAGES:=-plibzephyr4 -pzephyr-clients -pzephyr-server -plibzephyr-dev -plibzep export DH_OPTIONS CONFIGURE_ROOT=--prefix=/usr --mandir=\$${prefix}/share/man \ --infodir=\$${prefix}/share/info --sysconfdir=/etc --datadir=/etc \ - --with-cares=/usr --with-hesiod=/usr --enable-cmu-zwgcplus + --with-cares=/usr --with-hesiod=/usr --with-seccomp=/usr \ + --enable-cmu-zwgcplus CONFIGURE_krb5=--with-krb5=/usr CONFIGURE_krb45=--with-krb4=/usr --with-krb5=/usr CONFIGURE_krb=--with-krb4=/usr -- cgit v1.2.3