profiles: enable seccomp globally

Upstream has enabled this flag, should be fine for us too but do so prior to syncing with upstream to test for sure. Keeping seccomp disabled for bind-tools since it breaks cross-compilation and fixing it isn't very important.
2025-08-22 23:11:07 +02:00 · 2016-12-28 14:21:15 -08:00 · 2016-12-28 14:21:15 -08:00 · 98385913fe
commit 98385913fe
parent f877fcef83
3 changed files with 10 additions and 3 deletions
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/use.mask
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/use.mask
@ -0,0 +1,2 @@
+# TODO(marineam): remove after portage-stable/profiles is updated.
+-seccomp
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults
@ -32,6 +32,10 @@ USE="${USE} -zeroconf"
 # No need for OpenMP support in GCC and other apps
 USE="${USE} -openmp"

+# Test enabling seccomp globally prior to syncing other profile changes.
+# TODO(marineam): remove after portage-stable/profiles is updated.
+USE="${USE} seccomp"
+
 # Set SELinux policy
 POLICY_TYPES="targeted mcs mls"

--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use
@ -41,7 +41,8 @@ app-shells/bash -net vanilla
 # disable nss utilities
 dev-libs/nss -utils

-# enable seccomp support in docker
-app-emulation/docker seccomp
-app-emulation/containerd seccomp
+# needed by docker
 sys-libs/libseccomp static-libs
+
+# bind-tools' configure script breaks when cross-compiling with seccomp enabled
+net-dns/bind-tools -seccomp