From 1060289f51ee1bf269bb45940892eb272d35af97 Mon Sep 17 00:00:00 2001
From: Philipp Stephani <phst@google.com>
Date: Thu, 17 Dec 2020 11:20:55 +0100
Subject: Add a helper binary to create a basic Secure Computing filter.

The binary uses the 'seccomp' helper library.  The library isn't
needed to load the generated Secure Computing filter.

* configure.ac: Check for 'seccomp' header and library.

* lib-src/seccomp-filter.c: New helper binary to generate a generic
Secure Computing filter for GNU/Linux.

* lib-src/Makefile.in (DONT_INSTALL): Add 'seccomp-filter' helper
binary if possible.
(all): Add Secure Computing filter file if possible.
(seccomp-filter$(EXEEXT)): Compile helper binary.
(seccomp-filter.bpf seccomp-filter.pfc): Generate filter files.

* test/src/emacs-tests.el (emacs-tests/seccomp/allows-stdout)
(emacs-tests/seccomp/forbids-subprocess): New unit tests.

* test/Makefile.in (src/emacs-tests.log): Add dependency on the helper
binary.
---
 .gitignore | 5 +++++
 1 file changed, 5 insertions(+)

(limited to '.gitignore')

diff --git a/.gitignore b/.gitignore
index b653ef215b9..ecf768dc4d6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -188,6 +188,7 @@ lib-src/make-docfile
 lib-src/make-fingerprint
 lib-src/movemail
 lib-src/profile
+lib-src/seccomp-filter
 lib-src/test-distrib
 lib-src/update-game-score
 nextstep/Cocoa/Emacs.base/Contents/Info.plist
@@ -301,3 +302,7 @@ nt/emacs.rc
 nt/emacsclient.rc
 src/gdb.ini
 /var/
+
+# Seccomp filter files.
+lib-src/seccomp-filter.bpf
+lib-src/seccomp-filter.pfc
-- 
cgit v1.2.1