add compatibility architectures for supported architectures (LP: #1592022) #181

Merged
merged 5 commits into from Nov 18, 2016

Contributor

jdstrand commented Nov 10, 2016

Add get_hostarch() (inspired by lxc codebase) to determine the host (kernel) architecture. For architectures that support it, then add the compatibility arch using seccomp_arch_add(). Account for 64 bit kernel/userspace, 32 bit kernel/userspace and 64 bit kernel with 32 bit userspace. When syscalls are added later, they will be added for each added architecture. Eg:

  • with amd64 kernel and userspace, add x86 architecture so that both 64 bit and 32 bit binaries can be used
  • with i386 kernel and userspace, add only the x86 architecture so only 32 bit binaries are supported
  • with amd64 kernel and i386 userspace, add the x86_64 architecture so that both 32 bit and 64 bit binaries can be used
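The three cases listed above, reduced to a pure decision function that can be unit tested. This is an added example, not code from the pull request: `arch_from_machine()`, `pick_compat_arch()` and the `ARCH_*` values are hypothetical stand-ins for the patch's logic and for libseccomp's `SCMP_ARCH_*` tokens, and it goes slightly beyond the description by accepting any `i386` to `i686` machine string.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/utsname.h>

/* Stand-ins for libseccomp's SCMP_ARCH_* tokens (assumed values, so the
 * example builds without libseccomp). 0 plays the role of SCMP_ARCH_NATIVE. */
enum { ARCH_NATIVE = 0, ARCH_X86 = 1, ARCH_X86_64 = 2 };

/* Map a uname() machine string to an architecture token. */
static uint32_t arch_from_machine(const char *m)
{
	if (strcmp(m, "x86_64") == 0)
		return ARCH_X86_64;
	/* i386, i486, i586, i686 */
	if (strlen(m) == 4 && m[0] == 'i' && m[1] >= '3' && m[1] <= '6' &&
	    strcmp(m + 2, "86") == 0)
		return ARCH_X86;
	return ARCH_NATIVE;	/* unrecognized: nothing to add */
}

/* Decide which extra architecture the filter needs.
 * host:   architecture of the running kernel
 * native: architecture this binary was compiled for
 * Returns ARCH_NATIVE when there is nothing to add. */
static uint32_t pick_compat_arch(uint32_t host, uint32_t native)
{
	if (host == ARCH_NATIVE)
		return ARCH_NATIVE;	/* unknown kernel architecture */
	if (host != native)
		return host;		/* 32 bit userspace on a 64 bit kernel */
	if (host == ARCH_X86_64)
		return ARCH_X86;	/* 64/64: also allow 32 bit binaries */
	return ARCH_NATIVE;		/* 32/32: native arch is already present */
}

int main(void)
{
	struct utsname uts;
	if (uname(&uts) < 0) {
		perror("uname");
		return 1;
	}
	uint32_t host = arch_from_machine(uts.machine);
	printf("machine=%s host=%u\n", uts.machine, (unsigned)host);
	printf("compat for a 64 bit binary: %u\n", (unsigned)pick_compat_arch(host, ARCH_X86_64));
	printf("compat for a 32 bit binary: %u\n", (unsigned)pick_compat_arch(host, ARCH_X86));
	return 0;
}
```

A return of `ARCH_NATIVE` means no `seccomp_arch_add()` call is needed, because the native architecture is in the filter by default.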

jdstrand added some commits Nov 10, 2016

add compatibility architectures for supported architectures (LP: #1592022)

Add get_hostarch() (inspired by lxc codebase) to determine the host (kernel)
architecture. For architectures that support it, then add the compatibility
arch using seccomp_arch_add(). Account for 64 bit kernel/userspace, 32 bit
kernel/userspace and 64 bit kernel with 32 bit userspace. When syscalls are
added later, they will be added for each added architecture. Eg:
- with amd64 kernel and userspace, add x86 architecture so that both 64 bit
  and 32 bit binaries can be used
- with i386 kernel and userspace, add only the x86 architecture so only 32 bit
  binaries are supported
- with amd64 kernel and i386 userspace, add the x86_64 architecture so that
  both 32 bit and 64 bit binaries can be used
Contributor

jdstrand commented Nov 15, 2016

The testsuite failure is unrelated:

2016/11/14 16:38:24 Cannot allocate linode:ubuntu-16.04-64-grub: authentication failed

Contributor

jdstrand commented Nov 15, 2016

Ok, added spread test but I can't test it. Sending up to linode or qemu locally results in an issue unrelated to this patch:

$ spread -resend -reuse qemu:ubuntu-16.04-64:spread-tests/main/test-seccomp-compat
...
tardir=snap-confine-1.0.45 && ${TAR-tar} chof - "$tardir" | GZIP=--best gzip -c >snap-confine-1.0.45.tar.gz
make[1]: Leaving directory '/tmp/tmp.zPCHKmU509'
if test -d "snap-confine-1.0.45"; then find "snap-confine-1.0.45" -type d ! -perm -200 -exec chmod u+w {} ';' && rm -rf "snap-confine-1.0.45" || { sleep 5 && rm -rf "snap-confine-1.0.45"; }; else :; fi
+ test -f snap-confine-1.0.45.tar.gz
+ mv snap-confine-1.0.45.tar.gz /home/spread/
+ rm -rf /tmp/tmp.zPCHKmU509
+ cp /home/spread/snap-confine-1.0.45.tar.gz snap-confine_1.0.45.orig.tar.gz
+ tar -zxf snap-confine_1.0.45.orig.tar.gz
+ mv distro-packaging/debian snap-confine-1.0.45/debian
+ rm -rf distro-packaging
+ cd snap-confine-1.0.45
+ dch --controlmaint --newversion 1.0.45-1 Automatic CI build
+ cd snap-confine-1.0.45
+ dpkg-buildpackage -uc -us -S
dpkg-buildpackage: source package snap-confine
dpkg-buildpackage: source version 1.0.45-1
dpkg-buildpackage: source distribution UNRELEASED
dpkg-buildpackage: source changed by Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
 dpkg-source --before-build snap-confine-1.0.45
 debian/rules clean
dh clean --with autoreconf
   dh_testdir
   dh_auto_clean
   dh_autoreconf_clean
   dh_clean
 dpkg-source -b snap-confine-1.0.45
dpkg-source: info: using source format '3.0 (quilt)'
dpkg-source: info: building snap-confine using existing ./snap-confine_1.0.45.orig.tar.gz
patching file src/mount-opt-test.c
Reversed (or previously applied) patch detected!  Skipping patch.
1 out of 1 hunk ignored
dpkg-source: info: the patch has fuzz which is not allowed, or is malformed
dpkg-source: info: if patch 'fix-fmt.patch' is correctly applied by quilt, use 'quilt refresh' to update it
dpkg-source: error: LC_ALL=C patch -t -F 0 -N -p1 -u -V never -E -b -B .pc/fix-fmt.patch/ --reject-file=- < snap-confine-1.0.45.orig.A7bjmM/debian/patches/fix-fmt.patch gave error exit status 1
dpkg-buildpackage: error: dpkg-source -b snap-confine-1.0.45 gave error exit status 2
+ rm -rf /tmp/tmp.F0913K1Y65
-----
2016/11/15 16:56:45 Successful tasks: 0
2016/11/15 16:56:45 Aborted tasks: 1
2016/11/15 16:56:45 Failed project prepare: 1
    - qemu:ubuntu-16.04-64:project
2016/11/15 16:56:45 Keeping qemu:ubuntu-16.04-64 at localhost:59371
error: unsuccessful run
Collaborator

zyga commented Nov 18, 2016

I've fixed the packaging tree to allow testing now. I'll ensure this is green and land it.

Collaborator

zyga commented Nov 18, 2016

This now correctly passes tests in linode

@@ -500,6 +501,71 @@ static void preprocess_filter(FILE * f, struct preprocess *p)
return;
}
+uint32_t get_hostarch(void)
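Review bot: get_hostarch() on the added line has external linkage, while preprocess_filter() in the hunk header is static; unless another translation unit calls it, declare it static so the symbol stays private to this file. A one-line comment stating what the uint32_t return value encodes would also help readers of the call site.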
@zyga

zyga Nov 18, 2016

Collaborator

This should be static IMHO, I'll add a quick patch that corrects this.

@jdstrand

jdstrand Nov 18, 2016

Contributor

That's fine.

+ if (uname(&uts) < 0)
+ die("uname() failed");
+
+ if (strcmp(uts.machine, "i686") == 0)
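Review bot: The comparison on the last added line matches only the literal "i686", so a 32 bit x86 kernel that reports i586 or i386 in uts.machine does not take this branch. State in a comment, or handle explicitly, what get_hostarch() returns for a machine string it does not recognize, so the caller's behaviour in that case is deliberate rather than incidental.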
@zyga

zyga Nov 18, 2016

Collaborator

This block can be a small dedicated function that could be unit tested for sanity. I can gladly patch this.

@jdstrand

jdstrand Nov 18, 2016

Contributor

If you are keen on doing this, you have my blessing. If you want me to do it, I can look at it next week (I'm working on something else atm).

+ } else
+ compat_arch = host_arch;
+
+ if (compat_arch > 0 && seccomp_arch_exist(ctx, compat_arch) == -EEXIST) {
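Review bot: The condition on the last added line proceeds only when seccomp_arch_exist() returns -EEXIST, so any other negative return (a genuine error) is handled the same way as "already present" and the compatibility architecture is silently skipped; check for other negative values and die() on them. On style, the `} else` followed by an unbraced assignment is inconsistent; brace both arms.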
@zyga

zyga Nov 18, 2016

Collaborator

Are all of the SCMP_ARCH_ constants > 0?

@jdstrand

jdstrand Nov 18, 2016

Contributor

Yes

@jdstrand

jdstrand Nov 18, 2016

Contributor

To expand on that, SCMP_ARCH_NATIVE is 0 and the others are >0. We don't ever set compat_arch to SCMP_ARCH_NATIVE because the SCMP_ARCH_NATIVE is there by default.

zyga approved these changes Nov 18, 2016

Looks good, I'll merge it and update with a few unit tests.

@zyga zyga merged commit 7301259 into snapcore:master Nov 18, 2016

1 check failed

continuous-integration/travis-ci/pr The Travis CI build failed

@jdstrand jdstrand deleted the jdstrand:seccomp-compat branch Nov 18, 2016
