git.eshelyaron.com Git - emacs.git/commit

author	Philipp Stephani <phst@google.com>
	Mon, 14 Dec 2020 20:25:11 +0000 (21:25 +0100)
committer	Philipp Stephani <phst@google.com>
	Tue, 29 Dec 2020 13:37:51 +0000 (14:37 +0100)
commit	2334f9bfa3f54a606d1748ab86ee9fd481369d7a
tree	164b70b2201852b24440ad29ebfc2e7027a8064c	tree \| snapshot
parent	a4eb3bd7d5c4ae63efebfd77120c64e993cb872e	commit \| diff

Add support for --seccomp command-line option.

When passing this option on GNU/Linux, Emacs installs a Secure
Computing kernel system call filter. See Bug#45198.

* configure.ac: Check for seccomp header.

* src/emacs.c (usage_message): Document --seccomp option.
(emacs_seccomp): New wrapper for 'seccomp' syscall.
(load_seccomp, maybe_load_seccomp): New helper functions.
(main): Potentially load seccomp filters during startup.
(standard_args): Add --seccomp option.

* lisp/startup.el (command-line): Detect and ignore --seccomp option.

* test/src/emacs-tests.el (emacs-tests/seccomp/absent-file)
(emacs-tests/seccomp/empty-file)
(emacs-tests/seccomp/file-too-large)
(emacs-tests/seccomp/invalid-file-size): New unit tests.
(emacs-tests--with-temp-file): New helper macro.

* etc/NEWS: Document new --seccomp option.

configure.ac		diff \| blob \| history
etc/NEWS		diff \| blob \| history
lisp/startup.el		diff \| blob \| history
src/emacs.c		diff \| blob \| history
test/src/emacs-tests.el	[new file with mode: 0644]	blob