From 17df7223be064b1542dbe868e3b35cca977ee639 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 12 Feb 2014 18:28:21 +0100
Subject: core: rework syscall filter

- Allow configuration of an errno error to return from blacklisted
  syscalls, instead of immediately terminating a process.

- Fix parsing logic when libseccomp support is turned off

- Only keep the actual syscall set in the ExecContext, and generate the
  string version only on demand.
---
 configure.ac | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'configure.ac')

diff --git a/configure.ac b/configure.ac
index 518f545bd0..48d63e8797 100644
--- a/configure.ac
+++ b/configure.ac
@@ -327,7 +327,9 @@ have_seccomp=no
 AC_ARG_ENABLE(seccomp, AS_HELP_STRING([--disable-seccomp], [Disable optional SECCOMP support]))
 if test "x$enable_seccomp" != "xno"; then
         PKG_CHECK_MODULES(SECCOMP, [libseccomp >= 1.0.0],
-               [AC_DEFINE(HAVE_SECCOMP, 1, [Define if seccomp is available]) have_seccomp=yes],
+               [AC_DEFINE(HAVE_SECCOMP, 1, [Define if seccomp is available])
+                have_seccomp=yes
+                M4_DEFINES="$M4_DEFINES -DHAVE_SECCOMP"],
                [have_seccomp=no])
         if test "x$have_seccomp" = "xno" -a "x$enable_seccomp" = "xyes"; then
                 AC_MSG_ERROR([*** seccomp support requested but libraries not found])
-- 
cgit v1.2.3-54-g00ecf