On some distributions, on ppc64, ulimit -s returns 'unlimited': add a reasonable default, and also make sure ulimit is invoked using the default shell, which should ensure ulimit is actually implemented. Also note that AUDIT_ARCH doesn't follow closely the naming reported by 'uname -m': convert for i386 and ppc as needed. While at it, move inclusion of seccomp.h after util.h, the former is less generic (cosmetic/clang-tidy only). Older kernel headers might lack a definition for AUDIT_ARCH_PPC64LE: define that explicitly if it's not available. Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com> --- Makefile | 14 ++++++++++++-- passt.c | 2 +- seccomp.sh | 6 +++++- 3 files changed, 18 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index c73a786..4647210 100644 --- a/Makefile +++ b/Makefile @@ -9,11 +9,21 @@ # Copyright (c) 2021 Red Hat GmbH # Author: Stefano Brivio <sbrivio(a)redhat.com> +RLIMIT_STACK_VAL := $(shell /bin/sh -c 'ulimit -s') +ifeq ($(RLIMIT_STACK_VAL),unlimited) +RLIMIT_STACK_VAL := 1024 +endif + +AUDIT_ARCH := $(shell uname -m | tr [a-z] [A-Z]) +AUDIT_ARCH := $(shell echo $(AUDIT_ARCH) | sed 's/I[456]86/I386/') +AUDIT_ARCH := $(shell echo $(AUDIT_ARCH) | sed 's/PPC64/PPC/') +AUDIT_ARCH := $(shell echo $(AUDIT_ARCH) | sed 's/PPCLE/PPC64LE/') + CFLAGS += -Wall -Wextra -pedantic -std=c99 -D_XOPEN_SOURCE=700 -D_GNU_SOURCE -CFLAGS += -DRLIMIT_STACK_VAL=$(shell ulimit -s) CFLAGS += -DPAGE_SIZE=$(shell getconf PAGE_SIZE) CFLAGS += -DNETNS_RUN_DIR=\"/run/netns\" -CFLAGS += -DPASST_AUDIT_ARCH=AUDIT_ARCH_$(shell uname -m | tr [a-z] [A-Z]) +CFLAGS += -DPASST_AUDIT_ARCH=AUDIT_ARCH_$(AUDIT_ARCH) +CFLAGS += -DRLIMIT_STACK_VAL=$(RLIMIT_STACK_VAL) CFLAGS += -DARCH=\"$(shell uname -m)\" # On gcc 11.2, with -O2 and -flto, tcp_hash() and siphash_20b(), if inlined, diff --git a/passt.c b/passt.c index 3581428..4f2b896 100644 --- a/passt.c +++ b/passt.c @@ -56,8 +56,8 @@ #include <linux/capability.h> #include <linux/icmpv6.h> -#include "seccomp.h" #include "util.h" +#include "seccomp.h" #include "passt.h" #include "dhcp.h" #include "dhcpv6.h" diff --git a/seccomp.sh b/seccomp.sh index a055420..c710ce4 100755 --- a/seccomp.sh +++ b/seccomp.sh @@ -16,7 +16,11 @@ TMP="$(mktemp)" OUT="seccomp.h" -HEADER="/* This file was automatically generated by $(basename ${0}) */" +HEADER="/* This file was automatically generated by $(basename ${0}) */ + +#ifndef AUDIT_ARCH_PPC64LE +#define AUDIT_ARCH_PPC64LE (AUDIT_ARCH_PPC64 | __AUDIT_ARCH_LE) +#endif" # Prefix for each profile: check that 'arch' in seccomp_data is matching PRE=' -- 2.33.0