diff options
| author | Julian Andres Klode <jak@debian.org> | 2017-10-22 23:34:03 +0200 |
|---|---|---|
| committer | Julian Andres Klode <jak@debian.org> | 2017-10-22 23:38:31 +0200 |
| commit | 32bcbd73e0988d2d2237690ffae33b4f5cc5ff81 (patch) | |
| tree | 3234d16c59f85a84a02371e6ef2f0bc79af42738 /methods/CMakeLists.txt | |
| parent | 9130b5f9304b7f58273a826ff9acf04e10c6f98e (diff) | |
Sandbox methods with seccomp-BPF; except cdrom, gpgv, rsh
This reduces the number of syscalls to about 140 from about
350 or so, significantly reducing security risks.
Also change prepare-release to ignore the architecture lists
in the build dependencies when generating the build-depends
package for travis.
We might want to clean up things a bit more and/or move it
somewhere else.
Diffstat (limited to 'methods/CMakeLists.txt')
| -rw-r--r-- | methods/CMakeLists.txt | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/methods/CMakeLists.txt b/methods/CMakeLists.txt index 72f07e87e..60c636c7b 100644 --- a/methods/CMakeLists.txt +++ b/methods/CMakeLists.txt @@ -1,4 +1,6 @@ # Create the executable targets +include_directories($<$<BOOL:${SECCOMP_FOUND}>:${SECCOMP_INCLUDE_DIR}>) + add_executable(file file.cc) add_executable(copy copy.cc) add_executable(store store.cc) @@ -14,16 +16,16 @@ target_compile_definitions(http PRIVATE ${GNUTLS_DEFINITIONS}) target_include_directories(http PRIVATE ${GNUTLS_INCLUDE_DIR}) # Link the executables against the libraries -target_link_libraries(file apt-pkg) -target_link_libraries(copy apt-pkg) -target_link_libraries(store apt-pkg) -target_link_libraries(gpgv apt-pkg) -target_link_libraries(cdrom apt-pkg) -target_link_libraries(http apt-pkg ${GNUTLS_LIBRARIES}) -target_link_libraries(mirror apt-pkg ${RESOLV_LIBRARIES} ${GNUTLS_LIBRARIES}) -target_link_libraries(ftp apt-pkg ${GNUTLS_LIBRARIES}) -target_link_libraries(rred apt-pkg) -target_link_libraries(rsh apt-pkg) +target_link_libraries(file apt-pkg $<$<BOOL:${SECCOMP_FOUND}>:${SECCOMP_LIBRARIES}>) +target_link_libraries(copy apt-pkg $<$<BOOL:${SECCOMP_FOUND}>:${SECCOMP_LIBRARIES}>) +target_link_libraries(store apt-pkg $<$<BOOL:${SECCOMP_FOUND}>:${SECCOMP_LIBRARIES}>) +target_link_libraries(gpgv apt-pkg $<$<BOOL:${SECCOMP_FOUND}>:${SECCOMP_LIBRARIES}>) +target_link_libraries(cdrom apt-pkg $<$<BOOL:${SECCOMP_FOUND}>:${SECCOMP_LIBRARIES}>) +target_link_libraries(http apt-pkg ${GNUTLS_LIBRARIES} $<$<BOOL:${SECCOMP_FOUND}>:${SECCOMP_LIBRARIES}>) +target_link_libraries(mirror apt-pkg ${RESOLV_LIBRARIES} ${GNUTLS_LIBRARIES} $<$<BOOL:${SECCOMP_FOUND}>:${SECCOMP_LIBRARIES}>) +target_link_libraries(ftp apt-pkg ${GNUTLS_LIBRARIES} $<$<BOOL:${SECCOMP_FOUND}>:${SECCOMP_LIBRARIES}>) +target_link_libraries(rred apt-pkg $<$<BOOL:${SECCOMP_FOUND}>:${SECCOMP_LIBRARIES}>) +target_link_libraries(rsh apt-pkg $<$<BOOL:${SECCOMP_FOUND}>:${SECCOMP_LIBRARIES}>) # Install the library install(TARGETS file copy store gpgv cdrom http ftp rred rsh mirror |