This is an automated email from the ASF dual-hosted git repository. abudnik pushed a commit to branch 1.8.x in repository https://gitbox.apache.org/repos/asf/mesos.git
The following commit(s) were added to refs/heads/1.8.x by this push: new a684f07 Allowed compiling Seccomp isolator on older kernel versions. a684f07 is described below commit a684f073db683d83965fccbc7e5a308e35a7da9c Author: Andrei Budnik <abud...@mesosphere.com> AuthorDate: Wed May 1 11:52:49 2019 +0200 Allowed compiling Seccomp isolator on older kernel versions. This patch removes dependency on `linux/seccomp.h` header, which may be missing on some Linux distributions. Review: https://reviews.apache.org/r/70567/ --- configure.ac | 8 -------- src/slave/containerizer/mesos/isolators/linux/seccomp.cpp | 10 ++++++++-- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/configure.ac b/configure.ac index a367c28..8f3a36e 100644 --- a/configure.ac +++ b/configure.ac @@ -1627,14 +1627,6 @@ The Seccomp isolator is only supported on Linux. ------------------------------------------------------------------- ])]) - AC_CHECK_HEADERS([linux/seccomp.h], [], - [AC_MSG_ERROR([Cannot find seccomp system headers -------------------------------------------------------------------- -Please install the Linux kernel headers and make sure that you have -Linux kernel 3.5+ installed. -------------------------------------------------------------------- - ])]) - # Check if libseccomp prefix path was supplied and if so, add it to # CPPFLAGS while extending it by /include and to LDFLAGS while # extending it by /lib. diff --git a/src/slave/containerizer/mesos/isolators/linux/seccomp.cpp b/src/slave/containerizer/mesos/isolators/linux/seccomp.cpp index 5624c24..bb35c6e 100644 --- a/src/slave/containerizer/mesos/isolators/linux/seccomp.cpp +++ b/src/slave/containerizer/mesos/isolators/linux/seccomp.cpp @@ -14,8 +14,6 @@ // See the License for the specific language governing permissions and // limitations under the License. -#include <linux/seccomp.h> - #include <sys/prctl.h> #include <stout/path.hpp> @@ -34,6 +32,14 @@ using mesos::slave::ContainerConfig; using mesos::slave::ContainerLaunchInfo; using mesos::slave::Isolator; +// NOTE: The definition below was taken from the Linux Kernel sources. +// +// TODO(abudnik): This definition should be removed in favor of using +// `linux/seccomp.h` once we drop support for kernels older than 3.5. +#if !defined(SECCOMP_MODE_FILTER) +#define SECCOMP_MODE_FILTER 2 +#endif + namespace mesos { namespace internal { namespace slave {