If //CONFIG_PACKAGE_procd-seccomp=y//, procd will be built with //-DSECCOMP_SUPPORT//.
In practice, this means that if some service’s init script tries to set a seccomp policy, procd will call the ///sbin/seccomp-trace// binary ([[https://git.openwrt.org/?p=project/procd.git;a=blob;f=service/instance.c;h=8cabedb8b0fd789fb0686c7b4a9f35ec3abfd441;hb=HEAD#l489|relevant code]]). The problem is that this binary, which is part of procd, is not installed by the //procd// package; it is contained in a separate //procd-seccomp// package. So, the service which tries to set the policy will fail to start.
I can see the following options:
  * Any package that wants to do //procd_set_param seccomp// in its init script needs to explicitly depend on //procd-seccomp// (and this needs to be documented somewhere).
  * Init scripts should request seccomp conditionally, only if it is available (if //procd-seccomp// is installed? or what should the test be?).
  * //procd-seccomp// needs to be installed by default whenever //CONFIG_PACKAGE_procd-seccomp=y//.
openwrt-bot commented Nov 17, 2021
kirelagin:
Currently, I am aware of two packages affected: umdns (https://bugs.openwrt.org/index.php?do=details&task_id=3355) and transmission (openwrt/packages#16972), but, I imagine, eventually there will be more.
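The second option (request seccomp only when it is available), sketched as an added example that is not part of the original report and not OpenWrt's own code. It assumes the availability test is "the /sbin/seccomp-trace helper named in the report is executable", which the report leaves open; the `exampled` daemon, its policy path and the `ROOT` prefix are hypothetical.

```shell
#!/bin/sh
# Added example: fragment for a procd init script (/etc/init.d/<service>).
# Assumption: "seccomp is available" means the helper named in the report,
# /sbin/seccomp-trace, is installed and executable.

# Root filesystem prefix: empty on a device, set to a temp dir for testing.
: "${ROOT:=}"
SECCOMP_HELPER="/sbin/seccomp-trace"

# Stub so the fragment also runs outside OpenWrt; on a device
# /lib/functions/procd.sh provides the real procd_set_param.
type procd_set_param >/dev/null 2>&1 || procd_set_param() {
	echo "procd_set_param $*"
}

seccomp_available() {
	[ -x "${ROOT}${SECCOMP_HELPER}" ]
}

log_skip() {
	# Make the missing sandbox visible in the system log (stderr fallback).
	logger -t seccomp-check -p daemon.warn "$1" 2>/dev/null || echo "$1" >&2
}

# Usage: set_seccomp_if_available <policy file>
# Returns 0 if the policy was requested, 1 if it was skipped.
set_seccomp_if_available() {
	policy="$1"
	if ! seccomp_available; then
		log_skip "procd-seccomp not installed, starting without seccomp"
		return 1
	fi
	if [ ! -r "${ROOT}${policy}" ]; then
		log_skip "policy ${policy} not readable, starting without seccomp"
		return 1
	fi
	procd_set_param seccomp "$policy"
}

start_service() {
	procd_open_instance
	procd_set_param command /usr/sbin/exampled   # hypothetical daemon
	# Start unconfined rather than fail; the skip is logged above.
	set_seccomp_if_available /etc/seccomp/exampled.json || true
	procd_close_instance
}
```

With this fallback the service starts without its seccomp policy when the helper is absent, so the logged warning is the only sign that the sandbox is missing.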