author | Alyssa Ross <hi@alyssa.is> | 2022-07-16 14:35:52 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2022-08-02 12:25:58 +0000 |
commit | ad7f06781bdc41b3c4c54526084ea41d81f4733e (patch) | |
tree | 22b42aa248000ee14882b002055c9adb1e97d110 /pkgs/applications/virtualization | |
parent | eb38d95b8aa707888250bc121c7fc6002e4c9761 (diff) |
crosvm: precompile seccomp policy files
This saves crosvm having to compile them at runtime, and allows us to catch more errors at build time.
Diffstat (limited to 'pkgs/applications/virtualization')
-rw-r--r-- | pkgs/applications/virtualization/crosvm/default.nix | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/pkgs/applications/virtualization/crosvm/default.nix b/pkgs/applications/virtualization/crosvm/default.nix
index 8309b856936c5..6b9143c776e34 100644
--- a/pkgs/applications/virtualization/crosvm/default.nix
+++ b/pkgs/applications/virtualization/crosvm/default.nix
@@ -1,5 +1,5 @@
 { stdenv, lib, rustPlatform, fetchgit
-, pkg-config, wayland-scanner
+, minijail-tools, pkg-config, wayland-scanner
 , libcap, libdrm, libepoxy, minijail, virglrenderer, wayland, wayland-protocols
 , linux
 }:
@@ -29,7 +29,7 @@ in
 cargoLock.lockFile = ./Cargo.lock;
- nativeBuildInputs = [ pkg-config wayland-scanner ];
+ nativeBuildInputs = [ minijail-tools pkg-config wayland-scanner ];
 buildInputs = [
 libcap libdrm libepoxy minijail virglrenderer wayland wayland-protocols
@@ -37,19 +37,24 @@ in
 postPatch = ''
 cp ${./Cargo.lock} Cargo.lock
- sed -i "s|/usr/share/policy/crosvm/|$out/share/policy/|g" \
- seccomp/*/*.policy
+ sed -i "s|/usr/share/policy/crosvm/|$PWD/seccomp/${arch}/|g" \
+ seccomp/${arch}/*.policy
 '';
 preBuild = ''
 export DEFAULT_SECCOMP_POLICY_DIR=$out/share/policy
+
+ for policy in seccomp/${arch}/*.policy; do
+ compile_seccomp_policy \
+ --default-action trap $policy ''${policy%.policy}.bpf
+ done
 '';
 buildFeatures = [ "default" "virgl_renderer" "virgl_renderer_next" ];
 postInstall = ''
 mkdir -p $out/share/policy/
- cp seccomp/${arch}/* $out/share/policy/
+ cp -v seccomp/${arch}/*.bpf $out/share/policy/
 '';
 CROSVM_CARGO_TEST_KERNEL_BINARY = |
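Review bot: The `--default-action trap` passed to `compile_seccomp_policy` in the new preBuild loop (third hunk) is now baked into every installed `.bpf` at build time, and nothing in the hunk says why trap was chosen. With trap, a syscall outside the policy raises SIGSYS rather than having the filter kill the process outright, so the sandbox's failure behaviour depends on this one flag. A comment above the loop would record the intent, e.g. `# default action is trap (SIGSYS), not kill; presumably so blocked syscalls can be reported — keep in sync with upstream's own policy build`. Since postInstall now ships only `*.bpf`, the readable `.policy` sources are no longer in the output, which makes that comment the main place a later reader learns what the installed filters do by default. Separately, the loop leaves its operands unquoted; `"$policy" "''${policy%.policy}.bpf"` would keep it robust against word splitting.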