diff options
| -rw-r--r-- | configure.ac | 24 | ||||
| -rw-r--r-- | src/pseccomp.c | 4 |
2 files changed, 23 insertions, 5 deletions
diff --git a/configure.ac b/configure.ac index a16d96f..11e5147 100644 --- a/configure.ac +++ b/configure.ac @@ -59,10 +59,28 @@ AC_COMPILE_IFELSE([AC_LANG_SOURCE([char foo;])], [ AC_MSG_RESULT([no]) CFLAGS="$saved_CFLAGS" ]) -dnl check for -fvisibility=hidden compiler support (GCC >= 4) +dnl check for -ffunction-sections compiler support saved_CFLAGS="$CFLAGS" -CFLAGS="$CFLAGS -fvisibility=hidden" -AC_MSG_CHECKING([if ${CC} supports -fvisibility=hidden]) +CFLAGS="$CFLAGS -ffunction-sections" +AC_MSG_CHECKING([if ${CC} supports -ffunctions-sections]) +AC_COMPILE_IFELSE([AC_LANG_SOURCE([char foo;])], + [ AC_MSG_RESULT([yes]) ], + [ AC_MSG_RESULT([no]) + CFLAGS="$saved_CFLAGS" ]) + +dnl check for -fdata-sections compiler support +saved_CFLAGS="$CFLAGS" +CFLAGS="$CFLAGS -fdata-sections" +AC_MSG_CHECKING([if ${CC} supports -fdata-sections]) +AC_COMPILE_IFELSE([AC_LANG_SOURCE([char foo;])], + [ AC_MSG_RESULT([yes]) ], + [ AC_MSG_RESULT([no]) + CFLAGS="$saved_CFLAGS" ]) + +dnl check for -flto compiler support +saved_CFLAGS="$CFLAGS" +CFLAGS="$CFLAGS -flto" +AC_MSG_CHECKING([if ${CC} supports -flto]) AC_COMPILE_IFELSE([AC_LANG_SOURCE([char foo;])], [ AC_MSG_RESULT([yes]) ], [ AC_MSG_RESULT([no]) diff --git a/src/pseccomp.c b/src/pseccomp.c index 79b0627..a3ae055 100644 --- a/src/pseccomp.c +++ b/src/pseccomp.c @@ -120,7 +120,7 @@ static const int default_allowed_syscalls[] = { SCMP_SYS(setresuid), SCMP_SYS(setresuid32), SCMP_SYS(setresgid), SCMP_SYS(setresgid32), SCMP_SYS(getuid), SCMP_SYS(getuid32), SCMP_SYS(geteuid), SCMP_SYS(geteuid32), SCMP_SYS(getgid), SCMP_SYS(getgid32), SCMP_SYS(getegid), SCMP_SYS(getegid), - SCMP_SYS(getgroups), SCMP_SYS(getdents), + SCMP_SYS(getgroups), SCMP_SYS(getdents), SCMP_SYS(getdents64), /* operations on processes */ SCMP_SYS(getpgrp), SCMP_SYS(setpgid), SCMP_SYS(getpid), SCMP_SYS(getppid), SCMP_SYS(kill), @@ -163,7 +163,7 @@ static const int jail_allowed_syscalls[] = { SCMP_SYS(setuid), SCMP_SYS(setgid), SCMP_SYS(setresuid), SCMP_SYS(setresgid), SCMP_SYS(getuid), SCMP_SYS(geteuid), SCMP_SYS(getgid), SCMP_SYS(getegid), - SCMP_SYS(getgroups), SCMP_SYS(getdents), + SCMP_SYS(getgroups), SCMP_SYS(getdents), SCMP_SYS(getdents64), SCMP_SYS(getpgrp), SCMP_SYS(setpgid), SCMP_SYS(getpid), SCMP_SYS(getppid), SCMP_SYS(kill), SCMP_SYS(chdir), SCMP_SYS(mount), |