diff options
| author | V3n3RiX <venerix@koprulu.sector> | 2023-05-10 23:44:42 +0100 |
|---|---|---|
| committer | V3n3RiX <venerix@koprulu.sector> | 2023-05-10 23:44:42 +0100 |
| commit | f356af92b88d56b78588e81310493d4f5a2f6d18 (patch) | |
| tree | 0326fb33173ae3d096527af28f85685515533fbb /dev-util/scap-driver | |
| parent | 560358ad7081e6bb2a4e097d4c442b0bab626163 (diff) | |
gentoo auto-resync : 10:05:2023 - 23:44:41
Diffstat (limited to 'dev-util/scap-driver')
| -rw-r--r-- | dev-util/scap-driver/Manifest | 2 | ||||
| -rw-r--r-- | dev-util/scap-driver/files/0.29.3-fix-kmod-build-on-6.3+.patch | 20 | ||||
| -rw-r--r-- | dev-util/scap-driver/scap-driver-0.29.3-r2.ebuild | 60 |
3 files changed, 82 insertions, 0 deletions
diff --git a/dev-util/scap-driver/Manifest b/dev-util/scap-driver/Manifest index af35cc9042f1..f70143e6160e 100644 --- a/dev-util/scap-driver/Manifest +++ b/dev-util/scap-driver/Manifest @@ -1,6 +1,8 @@ AUX 0.29.3-fix-kmod-build-on-5.18+.patch 2363 BLAKE2B 8e5a89b68fb67076d01a7dc295157d2f2542a2db84460a35ed3162b77ff860097f1761317b93dec6aa0d6294b4414e445fd2c94df700bb5d738210982174f595 SHA512 f7c1e57cb05de1a97a3332055f6d6f74a637f38281a4e98b202cf84c9dd02b90e0b4fee3dbc44653760231ce55ad396aec3018b3b239249b6a37b018f672fba4 AUX 0.29.3-fix-kmod-build-on-6.2+.patch 1420 BLAKE2B 45f312bce9ce3dbaa0ddd300ccfd7dfcc3fb6d537cd0b716642d25b4c5a3747798ca23d237d67c92d32da500edb5e0458bfdff4a940d2f6fdb84144c5687028d SHA512 4b84a2559cb6a72d294b5cac6ec2d6f2de8ae90e298e27afcdff6bc046366afca6468ac923c4197623f14bbe0a4d0bd3757f34740a367e6b7c4e76472b102379 +AUX 0.29.3-fix-kmod-build-on-6.3+.patch 939 BLAKE2B c626a6c9e41510d9720a8d161f4b6fa2efc729437cffdeea97ab346b0dca9a18af82339e403b63c7ac297304893f686a20f5c612df417229b82701367530098d SHA512 c2b020de87c92724f93a0937e2ece2f1e88f8b0dbb5b1d85bffccd51fddc1fc2024fe0ae222f2f01adeb5dc34964b1e86f27f0bdfee347bf1bb927388c1b6c5c DIST falcosecurity-libs-e5c53d648f3c4694385bbe488e7d47eaa36c229a.tar.gz 816972 BLAKE2B b47ae6a7677935500ebdab8aea7f4c49ef50b7175ec097e7213a1f041ac2b5aa642379924927ec12c84271016e9ab9d191c0c1d4ffacd6ade58b7a03c37f9221 SHA512 65e5916e5f9507fd867a5e9ba3b2670a1b73b7672a22479d3019e948a52ad74441d7e2ce1c74ebd0fdbd1ce66808efa49f285bd5180bceae9d4e6730a60787ce EBUILD scap-driver-0.29.3-r1.ebuild 1871 BLAKE2B fa97c444251044913625228bd42d8ab22be21f69ddc75f4e45c15df832c1d1a6dab927f146fdb03addfa244a71ae2329d9651a2a454b79f45dd8a99eb53509da SHA512 7cc7ec73b64691fb8109b4fb406ce3ce565d9d09ead707290394599035f9d6059e5f88bce857b380c967a1edf008442541d692fd453a57880c1f61458da736d9 +EBUILD scap-driver-0.29.3-r2.ebuild 1921 BLAKE2B 992e21dfddd65f396a715da0040abbd33dea30c8e0347bdb4dd3886e10f4b4ccfd1c9083e63d422b99b4eff32494dfc026550ddef96e345a03d19d8ea5a94219 SHA512 6a7ba57ae0a3cde946981dea2e36a77342a4333dd41d47e4cb3f1938219d47c5fc89f267ced7650413217a36de2f132c8aac3650d20b18e2574c88654ab094a5 EBUILD scap-driver-0.29.3.ebuild 1818 BLAKE2B 739c7da7402f536aa4ee483c77de16498fef6460bdaad84f35bb7bb6f4ad06daac2e99349498f68f741c8348120ccb535bdaa7333d17ce10f3feea78d4889ddf SHA512 7c7d39dc69f2cdc28e656911513ca560722399b051adb5ef6a5626503536337ab7eeae39a2b9ababd217188324e4f270cc3ff9105ca04c63f3f9a919ebf26931 MISC metadata.xml 494 BLAKE2B d0bc754d3af2488b9dc7672fc63e962f4c885d88a819e4332bd1c25f84c967e2e1cd8489122490a864cbfd930225b3dc28c8bfad4426750c030dce6ef5a08b4e SHA512 b77b7c103cfb606333814af210a0fae1f7956ddd9d3c3a044b0bebf42553f5ffe99d04549fb9c5e40fce33e9d23761830b4944b2cd83bd8ca2193f9b7da60fc0 diff --git a/dev-util/scap-driver/files/0.29.3-fix-kmod-build-on-6.3+.patch b/dev-util/scap-driver/files/0.29.3-fix-kmod-build-on-6.3+.patch new file mode 100644 index 000000000000..6926df857179 --- /dev/null +++ b/dev-util/scap-driver/files/0.29.3-fix-kmod-build-on-6.3+.patch @@ -0,0 +1,20 @@ + +Bug: https://github.com/falcosecurity/libs/issues/1063 +Subset of patch taken from: https://github.com/falcosecurity/libs/pull/1071 + +diff --git a/driver/ppm_fillers.c b/driver/ppm_fillers.c +index 0441923c6d..cfa967f134 100644 +--- a/driver/ppm_fillers.c ++++ b/driver/ppm_fillers.c +@@ -1329,7 +1329,10 @@ int f_proc_startupdate(struct event_filler_arguments *args) + + if (exe_file != NULL) { + if (file_inode(exe_file) != NULL) { +-#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 12, 0) ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 3, 0) ++ exe_writable |= (file_permission(exe_file, MAY_WRITE) == 0); ++ exe_writable |= inode_owner_or_capable(file_mnt_idmap(exe_file), file_inode(exe_file)); ++#elif LINUX_VERSION_CODE >= KERNEL_VERSION(5, 12, 0) + exe_writable |= (inode_permission(current_user_ns(), file_inode(exe_file), MAY_WRITE) == 0); + exe_writable |= inode_owner_or_capable(current_user_ns(), file_inode(exe_file)); + #else diff --git a/dev-util/scap-driver/scap-driver-0.29.3-r2.ebuild b/dev-util/scap-driver/scap-driver-0.29.3-r2.ebuild new file mode 100644 index 000000000000..129db40bcb86 --- /dev/null +++ b/dev-util/scap-driver/scap-driver-0.29.3-r2.ebuild @@ -0,0 +1,60 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit cmake linux-mod + +DESCRIPTION="Kernel module for dev-util/sysdig" +HOMEPAGE="https://sysdig.com/" + +# The driver is part of falcosecurity/libs, but for versioning reasons we cannot (yet) +# use semver-released packages; instead we pull in a commit that is used and known +# to work with sysdig, see sysdig/cmake/modules/falcosecurity-libs.cmake for details. +# For now the commit here and the one referenced in sysdig should be in sync. +LIBS_COMMIT="e5c53d648f3c4694385bbe488e7d47eaa36c229a" +SRC_URI="https://github.com/falcosecurity/libs/archive/${LIBS_COMMIT}.tar.gz -> falcosecurity-libs-${LIBS_COMMIT}.tar.gz" +S="${WORKDIR}/libs-${LIBS_COMMIT}" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64 ~arm64 ~x86" + +RDEPEND="!<dev-util/sysdig-${PV}[modules]" + +CONFIG_CHECK="HAVE_SYSCALL_TRACEPOINTS ~TRACEPOINTS" + +PATCHES=( + "${FILESDIR}"/${PV}-fix-kmod-build-on-5.18+.patch + "${FILESDIR}"/${PV}-fix-kmod-build-on-6.2+.patch + "${FILESDIR}"/${PV}-fix-kmod-build-on-6.3+.patch +) + +src_configure() { + local mycmakeargs=( + # we will use linux-mod, so just pretend to use bundled deps + # in order to make it through the cmake setup. + -DUSE_BUNDLED_DEPS=ON + -DCREATE_TEST_TARGETS=OFF + -DDRIVER_VERSION=${LIBS_COMMIT} + ) + + cmake_src_configure + + # setup linux-mod ugliness + MODULE_NAMES="scap(extra:${BUILD_DIR}/driver/src:)" + BUILD_PARAMS='KERNELDIR="${KERNEL_DIR}"' + # work with clang-built kernels (#816024) + if linux_chkconfig_present CC_IS_CLANG; then + BUILD_PARAMS+=' CC=${CHOST}-clang' + if linux_chkconfig_present LD_IS_LLD; then + BUILD_PARAMS+=' LD=ld.lld' + if linux_chkconfig_present LTO_CLANG_THIN; then + # kernel enables cache by default leading to sandbox violations + BUILD_PARAMS+=' ldflags-y=--thinlto-cache-dir= LDFLAGS_MODULE=--thinlto-cache-dir=' + fi + fi + fi + + BUILD_TARGETS="all" +} |