On Tue, Aug 26, 2014 at 01:57:08AM +0000, Shawn Routhier via RT wrote:
> On Fri Aug 22 08:06:28 2014, logan@elandsys.com wrote:
> > > Hi Shawn, Can I upload the diff now ?
> >
> > Yes, we are working on the ticket list for 4.3.2 now
> uploading the proposed patch would be fine.
>
> thanks,
> Shawn
>

Hi Shawn, please find the first patch for the configure.ac script. (I'll upload the rest soon -- I'm still debugging a few things).

diff --git a/configure.ac b/configure.ac index d5bd6de..239fe03 100644 --- a/configure.ac +++ b/configure.ac @@ -145,6 +145,60 @@ if test "$enable_early_chroot" = "yes" ; then [Define to any value to chroot() prior to loading config.]) fi +# LIBSECCOMP is off by default -- needs testing with all the features +AC_ARG_ENABLE(seccomp, + AS_HELP_STRING([--enable-seccomp],[enable support for seccomp sandboxing using libseccomp (default is no)])) +if test "$enable_libseccomp" = "yes" ; then + AC_SEARCH_LIBS(seccomp_init, [seccomp]) + if test "$ac_cv_search_seccomp_init" = "-lseccomp" ; then + AC_DEFINE([LIBSECCOMP], [1], + [Define to any value to include libseccomp sandboxing.]) + fi + # Test for kernel seccomp v2 support + AC_TRY_RUN([ + #include + #include + #include + #include + #include + + int main(void) + { + int ret; + ret = prctl(PR_GET_SECCOMP, 0, 0, 0, 0); + if (ret < 0) { + switch (errno) { + case ENOSYS: + return 1; + case EINVAL: + return 1; + default: + return 1; + } + } + ret = + prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); + if (ret < 0) { + switch (errno) { + case EINVAL: + return 1; + case EFAULT: + return 0; + default: + return 1; + } + } + return 1; + } +] +, AC_DEFINE([KERN_SECCOMP], 1, +[Define to use libseccomp system call filtering.]) +, [] +) + +fi + + AC_ARG_ENABLE(ipv4_pktinfo, AS_HELP_STRING([--enable-ipv4-pktinfo],[enable use of pktinfo on IPv4 sockets (default is no)])) 
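Review bot: the guard `if test "$enable_libseccomp" = "yes" ; then` tests a variable that nothing sets: `AC_ARG_ENABLE(seccomp, ...)` populates `$enable_seccomp`, so with this hunk `--enable-seccomp` never reaches `AC_SEARCH_LIBS`, `LIBSECCOMP` and `KERN_SECCOMP` are never defined, and the whole block is dead code. It should read `if test "$enable_seccomp" = "yes" ; then`. Two further points in the same block: `AC_TRY_RUN` is given only the program, the true action and an empty false action, with no fourth (cross-compiling) argument, so a cross-compiled configure aborts as soon as the option is enabled; supply one (for example leave `KERN_SECCOMP` undefined, or let a cache variable override it), and prefer `AC_RUN_IFELSE` since `AC_TRY_RUN` is obsolete. Also, `KERN_SECCOMP` is defined whenever the probe succeeds regardless of whether libseccomp was found, and `LIBSECCOMP` is defined regardless of the kernel probe, yet the code presumably needs both; consider defining the kernel macro only inside the `ac_cv_search_seccomp_init` branch, or failing configure when one is present without the other. Minor: the first `switch (errno)` in the probe returns 1 for every case and can be a plain `return 1;`, and as rendered here the five `#include` directives carry no header names, so double-check the committed file actually includes the prctl, seccomp and errno headers.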
@@ -655,9 +709,10 @@ Flags: CFLAGS: $CFLAGS Features: - debug: $enable_debug - failover: $enable_failover - execute: $enable_execute + debug: $enable_debug + failover: $enable_failover + execute: $enable_execute + seccomp sandbox: $enable_seccomp Developer: ATF unittests : $atf_path
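Review bot: `seccomp sandbox: $enable_seccomp` prints an empty value when the flag is not given, because the `AC_ARG_ENABLE(seccomp, ...)` in the previous hunk passes no action-if-not-given and therefore never sets a default; add `[enable_seccomp=no]` there (or substitute `${enable_seccomp:-no}` here) so the summary reports "no" for the documented default. The three existing `debug`, `failover` and `execute` lines are touched only to realign the column for the new entry; that is acceptable, but it is worth stating in the commit message so the whitespace-only churn is not mistaken for a functional change.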