Skip to content

include the correct header for syscall definitions#558

Open
eli-schwartz wants to merge 1 commit intocontainers:mainfrom
eli-schwartz:prune-headerdeps
Open

include the correct header for syscall definitions#558
eli-schwartz wants to merge 1 commit intocontainers:mainfrom
eli-schwartz:prune-headerdeps

Conversation

@eli-schwartz
Copy link

@eli-schwartz eli-schwartz commented Apr 27, 2025

This file needs to utilize __NR_seccomp, which is defined in the linux uapi headers, not seccomp.h, even though seccomp.h does itself indirectly cause this header to be included as well.

Nothing else in this particular file needs seccomp.h so drop that include altogether since it's now entirely unused.

@eli-schwartz
include the correct header for syscall definitions
affe3a0 
This file needs to utilize `__NR_seccomp`, which is defined in the linux
uapi headers, not seccomp.h, even though seccomp.h does itself
indirectly cause this header to be included as well.

Nothing else in this particular file needs seccomp.h so drop that
include altogether since it's now entirely unused.

Signed-off-by: Eli Schwartz <eschwartz@gentoo.org>
@jnovy
Copy link
Collaborator

jnovy commented Apr 28, 2025

Assuming more appropriate is to #include <syscall.h> or #include <sys/syscall.h> as seccomp_notify.c needs this to call the __NR_seccomp syscall?

@jnovy jnovy self-requested a review April 28, 2025 10:16
jnovy
jnovy requested changes Apr 29, 2025
View reviewed changes
src/seccomp_notify.c
#include <sys/sysmacros.h>
#include <linux/seccomp.h>
#include <seccomp.h>
#include <asm/unistd.h>
Copy link
Collaborator

@jnovy jnovy Apr 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Assuming more appropriate is to #include <syscall.h> or #include <sys/syscall.h> as seccomp_notify.c needs this to call the __NR_seccomp syscall?

kolyshkin
kolyshkin reviewed May 2, 2025
View reviewed changes
Copy link
Collaborator

@kolyshkin kolyshkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So, this does not fix anything, except maybe simplifies things a little.

There must be an underlying reason for this change, can you please share it @eli-schwartz ?

@thesamesam
Copy link

thesamesam commented May 18, 2025

The motivation here is to be able to drop the libseccomp dependency in our packaging, given there's already a reliance on linux-headers here, so we may as well get the same information from that.

@eli-schwartz
Copy link
Author

eli-schwartz commented May 18, 2025

Hi, sorry for the delay in responding (thanks Sam for prodding me).

As Sam said, the underlying goal here was trying to remove unneeded deps. I was trying to figure out where libseccomp was(n't) used and this seemed to jump out at me early on.

I've looked a bit deeper, and it seems this could in theory be useful for EOL kernels, but shouldn't try to support unsupported EOL kernels. However if we do want that it should be a configure time kernel check... I can update to do that instead if you prefer.

WDYT about requiring kernel 5.0?

@giuseppe
Copy link
Member

giuseppe commented Jul 14, 2025

WDYT about requiring kernel 5.0?

sorry for the delay to get to this. That is fine.

@jnovy
Copy link
Collaborator

jnovy commented Aug 11, 2025

@eli-schwartz Are you planning to update your PR based on your comment?

However if we do want that it should be a configure time kernel check... I can update to do that instead if you prefer.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kolyshkin kolyshkin kolyshkin left review comments

@jnovy jnovy jnovy requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@eli-schwartz @jnovy @thesamesam @giuseppe @kolyshkin