git.eshelyaron.com Git - emacs.git/commit

author	Philipp Stephani <phst@google.com>
	Mon, 14 Dec 2020 20:25:11 +0000 (21:25 +0100)
committer	Philipp Stephani <phst@google.com>
	Sat, 10 Apr 2021 16:47:26 +0000 (18:47 +0200)
commit	be8328acf9aa464f848e682e63e417a18529af9e
tree	b7f8191920af5e326b2a2feac9ddbeb8551fadba	tree \| snapshot
parent	53dfd85a7f971875e716a55f010ee508bce89eed	commit \| diff

Add support for --seccomp command-line option.

When passing this option on GNU/Linux, Emacs installs a Secure
Computing kernel system call filter. See Bug#45198.

* configure.ac: Check for seccomp header.

* src/emacs.c (usage_message): Document --seccomp option.
(emacs_seccomp): New wrapper for 'seccomp' syscall.
(load_seccomp, maybe_load_seccomp): New helper functions.
(main): Potentially load seccomp filters during startup.
(standard_args): Add --seccomp option.

* lisp/startup.el (command-line): Detect and ignore --seccomp option.

* test/src/emacs-tests.el (emacs-tests/seccomp/absent-file)
(emacs-tests/seccomp/empty-file)
(emacs-tests/seccomp/file-too-large)
(emacs-tests/seccomp/invalid-file-size): New unit tests.
(emacs-tests--with-temp-file): New helper macro.

* etc/NEWS: Document new --seccomp option.

configure.ac		diff \| blob \| history
etc/NEWS		diff \| blob \| history
lisp/startup.el		diff \| blob \| history
src/emacs.c		diff \| blob \| history
test/src/emacs-tests.el	[new file with mode: 0644]	blob