New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Disable Seccomp when running old Linux kernel #587
Conversation
Get kernel version when building, as well as testing for Seccomp headers
Fix #586
@@ -54,6 +54,8 @@ var detect = module.exports.detect = function (async, file, builder) | |||
console.log("SECCOMP is only available on linux"); | |||
} else if (process.env['Seccomp_NO']) { | |||
console.log("SECCOMP disabled"); | |||
} else if (builder.config.systemRelease < "3.5") { | |||
console.log("SECCOMP filtering is only available in Linux 3.5+"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good thought, can you scrub the name though so that it doesn't erroneously skip on my machine?
> var Os = require('os');
undefined
> Os.release()
'3.13.0-29-generic'
> Os.release() < "3.5"
true
>
This should work:
var releaseNum = Number(release.replace(/^([0-9]+.[0-9]+).*$/, function (all, capA) { return capA; });
if (Number.isNaN(releaseNum)) { throw new Error("Could not parse kernel version [" + release + "]"); }
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And then do number comparison instead of string comparison. if (releaseNum < 3.5) ....
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah yes, I forgot string comparison doesn't work great with numbers in strings.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, 3.13 < 3.5
== '3.13.0-29-generic' < '3.5'
== true
, which isn't what we want. If you don't mind another dependency, I would add semver so we can get semver.lt('3.13.0-29-generic', '3.5.0')
== false
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it sucks but I'll live with it
On 07/10/2014 10:55 PM, Charles Lehner wrote:
@@ -54,6 +54,8 @@ var detect = module.exports.detect = function (async, file, builder)
console.log("SECCOMP is only available on linux");
} else if (process.env['Seccomp_NO']) {
console.log("SECCOMP disabled");
- } else if (builder.config.systemRelease < "3.5") {
console.log("SECCOMP filtering is only available in Linux 3.5+");
Well,
3.13 < 3.5
=='3.13.0-29-generic' < '3.5'
==true
, which isn't what we want. If you don't mind another dependency, I would add semver so we can getsemver.lt('3.13.0-29-generic', '3.5.0')
== false
Reply to this email directly or view it on GitHub:
https://github.com/cjdelisle/cjdns/pull/587/files#r14792653
merged to crashey |
for those of us running i.e. a 2.x kernel with 3.x headers, for some reason