AC_SUBST([BLESSMAIL_TARGET])
AC_SUBST([LIBS_MAIL])
-AC_CHECK_HEADERS([linux/seccomp.h], [HAVE_SECCOMP=yes])
+HAVE_SECCOMP=no
+AC_CHECK_HEADERS(
+ [linux/seccomp.h],
+ [AC_CHECK_DECLS(
+ [SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC],
+ [HAVE_SECCOMP=yes], [],
+ [[
+ #include <linux/seccomp.h>
+ ]])])
LIBSECCOMP=
AC_CHECK_HEADER([seccomp.h],
# include <sys/socket.h>
#endif
-#ifdef HAVE_LINUX_SECCOMP_H
+#if defined HAVE_LINUX_SECCOMP_H \
+ && HAVE_DECL_SECCOMP_SET_MODE_FILTER \
+ && HAVE_DECL_SECCOMP_FILTER_FLAG_TSYNC
+# define SECCOMP_USABLE 1
+#else
+# define SECCOMP_USABLE 0
+#endif
+
+#if SECCOMP_USABLE
# include <linux/seccomp.h>
# include <linux/filter.h>
# include <sys/prctl.h>
--dump-file FILE read dumped state from FILE\n\
",
#endif
-#ifdef HAVE_LINUX_SECCOMP_H
+#if SECCOMP_USABLE
"\
--sandbox=FILE read Seccomp BPF filter from FILE\n\
"
}
#endif /* HAVE_PDUMPER */
-#ifdef HAVE_LINUX_SECCOMP_H
+#if SECCOMP_USABLE
/* Wrapper function for the `seccomp' system call on GNU/Linux. This
system call usually doesn't have a wrapper function. See the
fatal ("cannot enable seccomp filter from %s", file);
}
-#endif /* HAVE_LINUX_SECCOMP_H */
+#endif /* SECCOMP_USABLE */
int
main (int argc, char **argv)
/* First, check whether we should apply a seccomp filter. This
should come at the very beginning to allow the filter to protect
the initialization phase. */
-#ifdef HAVE_LINUX_SECCOMP_H
+#if SECCOMP_USABLE
maybe_load_seccomp (argc, argv);
#endif
#ifdef HAVE_PDUMPER
{ "-dump-file", "--dump-file", 1, 1 },
#endif
-#ifdef HAVE_LINUX_SECCOMP_H
+#if SECCOMP_USABLE
{ "-seccomp", "--seccomp", 1, 1 },
#endif
#ifdef HAVE_NS