snap-seccomp: link libseccomp statically to snap-seccomp

[mvo5]

This ensures we do not run into library version mismatches when
snap-seccomp is run from the core snap.

This also needs to be pushed to the release/2.26 branch

[jdstrand]

Assuming this fixes the issues, +1 (this approach was discussed in the forum)

[codecov-io]

Codecov Report

Merging #3579 into master will decrease coverage by <.01%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #3579      +/-   ##
==========================================
- Coverage   76.82%   76.82%   -0.01%     
==========================================
  Files         379      379              
  Lines       26314    26314              
==========================================
- Hits        20216    20215       -1     
  Misses       4304     4304              
- Partials     1794     1795       +1

Impacted Files	Coverage Δ
cmd/snap-seccomp/main.go	51.68% <ø> (ø)	⬆️
overlord/snapstate/snapstate.go	81.17% <0%> (-0.24%)	⬇️
overlord/ifacestate/helpers.go	65.54% <0%> (ø)	⬆️
cmd/snap/cmd_aliases.go	96% <0%> (+2%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 75e3302...daefc01. Read the comment docs.

[zyga]

Just one comment, +1 on the idea, may need 0.001 adjustments.

[zyga]

Ironically this is incorrect as you'd actually link with libseccomp dynamically. This outputs -lseccomp which is added to the compiler. The line below hard-codes that same (effective) library between two linker options that switch link mode. I think we should drop the pkg-config line and just keep the LDFLAGS line below.

I'll test this locally and push if you agree.

[mvo5]

Sure, that works for me

[zyga]

Pushed, +1 and I'll merge it when green

[zyga]

What is this update about?

[mvo5]

libseccomp-dev in trusty does not have a static library. I added it for trusty and uploaded a new SRU to unblock this, see https://launchpad.net/ubuntu/+source/libseccomp/2.1.1-1ubuntu1~trusty4

[zyga]

❤️ thank you!

[niemeyer]

Looks good-enough to me. Ideally we'll embed the specific bits of libseccomp that we need into the binary proper, as we discussed, but if this works we can push it forward for now and figure the embedding later.

[niemeyer]

Nice, thanks for testing this.