Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Disable Seccomp when running old Linux kernel #587

Closed
wants to merge 3 commits into
from

Conversation

Projects
None yet
2 participants
Contributor

clehner commented Jul 9, 2014

for those of us running i.e. a 2.x kernel with 3.x headers, for some reason

Disable Seccomp when running old Linux kernel
Get kernel version when building, as well as testing for Seccomp headers

Fix #586

@cjdelisle cjdelisle and 1 other commented on an outdated diff Jul 10, 2014

util/Seccomp.js
@@ -54,6 +54,8 @@ var detect = module.exports.detect = function (async, file, builder)
console.log("SECCOMP is only available on linux");
} else if (process.env['Seccomp_NO']) {
console.log("SECCOMP disabled");
+ } else if (builder.config.systemRelease < "3.5") {
+ console.log("SECCOMP filtering is only available in Linux 3.5+");
@cjdelisle

cjdelisle Jul 10, 2014

Owner

Good thought, can you scrub the name though so that it doesn't erroneously skip on my machine?

> var Os = require('os');
undefined
> Os.release()
'3.13.0-29-generic'
> Os.release() < "3.5"
true
> 

This should work:
var releaseNum = Number(release.replace(/^([0-9]+.[0-9]+).*$/, function (all, capA) { return capA; });
if (Number.isNaN(releaseNum)) { throw new Error("Could not parse kernel version [" + release + "]"); }

@cjdelisle

cjdelisle Jul 10, 2014

Owner

And then do number comparison instead of string comparison. if (releaseNum < 3.5) ....

@clehner

clehner Jul 10, 2014

Contributor

Ah yes, I forgot string comparison doesn't work great with numbers in strings.

@clehner

clehner Jul 10, 2014

Contributor

Well, 3.13 < 3.5 == '3.13.0-29-generic' < '3.5' == true, which isn't what we want. If you don't mind another dependency, I would add semver so we can get semver.lt('3.13.0-29-generic', '3.5.0') == false

@cjdelisle

cjdelisle Jul 11, 2014

Owner

it sucks but I'll live with it

On 07/10/2014 10:55 PM, Charles Lehner wrote:

@@ -54,6 +54,8 @@ var detect = module.exports.detect = function (async, file, builder)
console.log("SECCOMP is only available on linux");
} else if (process.env['Seccomp_NO']) {
console.log("SECCOMP disabled");

  • } else if (builder.config.systemRelease < "3.5") {
  •    console.log("SECCOMP filtering is only available in Linux 3.5+");
    

Well, 3.13 < 3.5 == '3.13.0-29-generic' < '3.5' == true, which isn't what we want. If you don't mind another dependency, I would add semver so we can get semver.lt('3.13.0-29-generic', '3.5.0') == false


Reply to this email directly or view it on GitHub:
https://github.com/cjdelisle/cjdns/pull/587/files#r14792653

Owner

cjdelisle commented Jul 25, 2014

merged to crashey

@cjdelisle cjdelisle closed this Jul 25, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment