From 2d83d23b56897a047b598a402f505cbad751c261 Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Sun, 11 Feb 2024 19:37:59 -0500 Subject: [PATCH] build: handle landlock feature as a tristate option The kernel runtime test does not always work as intended for distribution builds. Instead, if the landlock feature is explicitly enabled, then just check that the header is present (meaning the code will compile). Only if the feature is auto, then check the kernel. Closes: https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/300 --- meson.build | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/meson.build b/meson.build index 0e0b51e02..3c9099291 100644 --- a/meson.build +++ b/meson.build @@ -187,7 +187,11 @@ endif have_landlock = cc.has_header('linux/landlock.h', required: get_option('landlock')) -if have_landlock and not get_option('landlock').disabled() +# If landlock feature is explicitly enabled and header is present, do not perform +# a runtime test, as this might be e.g. a distribution build in an isolated build +# environment and/or on an older kernel. If feature is auto, then run-check the +# kernel as well. https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/300 +if have_landlock and get_option('landlock').auto() landlock_check = cc.run(''' #include #include @@ -202,10 +206,8 @@ if have_landlock and not get_option('landlock').disabled() ''', name: 'landlock is enabled in kernel') - landlock_enabled = (landlock_check.compiled() and landlock_check.returncode() == 0) - - if get_option('landlock').enabled() and not landlock_enabled - error('Landlock was enabled in build options, but is disabled in the kernel') + if not (landlock_check.compiled() and landlock_check.returncode() == 0) + error('Landlock was auto-enabled in build options, but is disabled in the kernel') endif endif @@ -395,7 +397,7 @@ conf.set('HAVE_POSIX_FADVISE', cc.has_function('posix_fadvise', prefix : '#inclu conf.set('HAVE_STATVFS64', cc.has_header_symbol('sys/statvfs.h', 'statvfs64', args: '-D_LARGEFILE64_SOURCE')) conf.set('HAVE_STRNLEN', cc.has_function('strnlen', prefix : '#include ')) conf.set('HAVE_MEMFD_CREATE', cc.has_function('memfd_create', prefix : '#define _GNU_SOURCE\n#include ')) -conf.set('HAVE_LANDLOCK', have_landlock and landlock_enabled) +conf.set('HAVE_LANDLOCK', have_landlock) conf.set_quoted('LOCALEDIR', get_option('prefix') / get_option('localedir')) conf.set_quoted('SHAREDIR', get_option('prefix') / get_option('datadir')) @@ -507,7 +509,7 @@ summary = [ ' Domain prefix: ' + get_option('domain_prefix'), '\nFeature Support:', ' File monitoring: @0@glib'.format(have_fanotify ? 'fanotify ' : ''), - ' Landlock: ' + (have_landlock and landlock_enabled).to_string(), + ' Landlock: ' + have_landlock.to_string(), ' BTRFS subvolumes: ' + have_btrfs_ioctl.to_string(), ' Battery/mains power detection: ' + battery_detection_library_name, ' Support for network status detection: ' + have_network_manager.to_string(), @@ -567,14 +569,10 @@ if not get_option('seccomp') warning('Seccomp sandboxing is disabled.') unsafe = true endif -if get_option('landlock').disabled() +if get_option('landlock').disabled() or not have_landlock warning('Landlock sandboxing is disabled.') unsafe = true endif -if have_landlock and not landlock_enabled - warning('Landlock sandboxing is disabled by kernel configuration.') - unsafe = true -endif if unsafe warning('Run at your own risk. Distribution is discouraged.') -- GitLab