Use kafel unconditionally

2017-05-08 15:50:29 +02:00 · 2017-05-08 15:50:29 +02:00 · d9cb28b97d
commit d9cb28b97d
parent 9414b1a635
3 changed files with 5 additions and 22 deletions
--- a/20
+++ b/20
@ -23,26 +23,20 @@ CFLAGS += -O2 -c -std=gnu11 \
 	-D_GNU_SOURCE \
 	-fstack-protector-all -Wformat -Wformat=2 -Wformat-security -fPIE \
 	-Wno-format-nonliteral \
-	-Wall -Wextra -Werror
+	-Wall -Wextra -Werror \
+	-Ikafel/include

 LDFLAGS += -Wl,-z,now -Wl,-z,relro -pie -Wl,-z,noexecstack

 SRCS = nsjail.c cmdline.c contain.c log.c cgroup.c mount.c net.c pid.c sandbox.c subproc.c user.c util.c uts.c
 OBJS = $(SRCS:.c=.o)
 BIN = nsjail
+LIBS = kafel/libkafel.a

 ifdef DEBUG
 	CFLAGS += -g -ggdb -gdwarf-4
 endif

-USE_KAFEL ?= yes
-ifneq ("$(wildcard kafel/include/kafel.h)","")
-ifeq ($(USE_KAFEL), yes)
-	CFLAGS += -I./kafel/include/ -DUSE_KAFEL
-	LIBS += kafel/libkafel.a
-endif
-endif
-
 USE_NL3 ?= yes
 ifeq ("$(wildcard /usr/include/libnl3/netlink/route/link/macvlan.h)","/usr/include/libnl3/netlink/route/link/macvlan.h")
 ifeq ($(USE_NL3), yes)
@ -59,19 +53,15 @@ all: $(BIN)
 $(BIN): $(OBJS) $(LIBS)
 	$(CC) -o $(BIN) $(OBJS) $(LIBS) $(LDFLAGS)

-ifneq ("$(wildcard kafel/Makefile)","")
 kafel/libkafel.a:
 	$(MAKE) -C kafel
-endif

 clean:
 	$(RM) core Makefile.bak $(OBJS) $(BIN)
-ifneq ("$(wildcard kafel/Makefile)","")
 	$(MAKE) -C kafel clean
-endif

 depend:
-	makedepend -Y. -- -- $(SRCS)
+	makedepend -Y -Ykafel/include -- -- $(SRCS)

 indent:
 	indent -linux -l100 -lc100 *.c *.h; rm -f *~
@ -87,7 +77,7 @@ cgroup.o: cgroup.h common.h log.h util.h
 mount.o: mount.h common.h log.h subproc.h util.h
 net.o: net.h common.h log.h subproc.h
 pid.o: pid.h common.h log.h subproc.h
-sandbox.o: sandbox.h common.h log.h
+sandbox.o: sandbox.h common.h log.h kafel/include/kafel.h
 subproc.o: subproc.h common.h cgroup.h contain.h log.h net.h sandbox.h user.h
 subproc.o: util.h
 user.o: user.h common.h log.h subproc.h util.h
--- a/cmdline.c
+++ b/cmdline.c
@ -764,11 +764,9 @@ bool cmdlineParse(int argc, char *argv[], struct nsjconf_t * nsjconf)
 		p->outside_id = getgid();
 		TAILQ_INSERT_HEAD(&nsjconf->gids, p, pointers);
 	}
-#if !defined(USE_KAFEL)
 	if (nsjconf->kafel_file != NULL || nsjconf->kafel_string != NULL) {
 		LOG_F("Kafel policy specified but the kafel/ is not compiled in");
 	}
-#endif				/* !defined(USE_KAFEL) */

 	if (logInitLogFile(nsjconf, logfile, log_level) == false) {
 		return false;
--- a/sandbox.c
+++ b/sandbox.c
@ -27,10 +27,7 @@

 #include "common.h"
 #include "log.h"
-
-#if defined(USE_KAFEL)
 #include "kafel.h"
-#endif				// defined(USE_KAFEL)

 #ifndef PR_SET_NO_NEW_PRIVS
 #define PR_SET_NO_NEW_PRIVS 38
@ -38,7 +35,6 @@

 static bool sandboxPrepareAndCommit(struct nsjconf_t *nsjconf __attribute__ ((unused)))
 {
-#if defined(USE_KAFEL)
 	if (nsjconf->kafel_file == NULL && nsjconf->kafel_string == NULL) {
 		return true;
 	}
@ -67,7 +63,6 @@ static bool sandboxPrepareAndCommit(struct nsjconf_t *nsjconf __attribute__ ((un
 		PLOG_W("prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER) failed");
 		return false;
 	}
-#endif				/* defined(USE_KAFEL) */
 	return true;
 }