landlock-sandboxer: build against headers which match the sandboxer source
@@ -3,12 +3,24 @@
|
|||||||
# but it will complain (stderr) about an update being available if kernel max ABI != sandbox max ABI.
|
# but it will complain (stderr) about an update being available if kernel max ABI != sandbox max ABI.
|
||||||
{ stdenv
|
{ stdenv
|
||||||
, linux
|
, linux
|
||||||
|
, makeLinuxHeaders
|
||||||
}:
|
}:
|
||||||
|
let
|
||||||
|
linuxHeaders = makeLinuxHeaders {
|
||||||
|
inherit (linux) src version;
|
||||||
|
};
|
||||||
|
in
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "landlock-sandboxer";
|
pname = "landlock-sandboxer";
|
||||||
version = linux.version;
|
version = linux.version;
|
||||||
src = linux.src;
|
src = linux.src;
|
||||||
|
|
||||||
|
NIX_DEBUG = 6;
|
||||||
|
|
||||||
|
buildInputs = [
|
||||||
|
linuxHeaders # to get the right linux headers!
|
||||||
|
];
|
||||||
|
|
||||||
# sourceRoot = "linux-${version}/samples/landlock";
|
# sourceRoot = "linux-${version}/samples/landlock";
|
||||||
preBuild = ''
|
preBuild = ''
|
||||||
cd samples/landlock
|
cd samples/landlock
|
||||||
@@ -20,6 +32,10 @@ stdenv.mkDerivation rec {
|
|||||||
install -m755 sandboxer $out/bin
|
install -m755 sandboxer $out/bin
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
passthru = {
|
||||||
|
inherit linuxHeaders;
|
||||||
|
};
|
||||||
|
|
||||||
meta = {
|
meta = {
|
||||||
description = ''
|
description = ''
|
||||||
The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes.
|
The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes.
|
||||||
|
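Review bot: `NIX_DEBUG = 6;` in the first hunk looks like a debugging leftover that should be dropped before merging. It is set unconditionally on the derivation, it switches stdenv to shell-level tracing on every build, and the commit title does not mention it. The comment on the new `buildInputs` entry could also give the reason rather than an exclamation, for example `# headers from the same kernel tree as the sandboxer source, so the Landlock ABI it is compiled for matches that source`. Per the file's own header comment, the sandboxer only reports an ABI mismatch with the running kernel on stderr. A short note beside `passthru.linuxHeaders` saying which kernel version the package is pinned to would help users judge whether the sandbox they get is the one they expect.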