From 98385913fe59cc76111b6496ec08ad138d33c619 Mon Sep 17 00:00:00 2001
From: Michael Marineau
Date: Wed, 28 Dec 2016 14:21:15 -0800
Subject: [PATCH] profiles: enable seccomp globally

Upstream has enabled this flag, should be fine for us too but do so prior to syncing with upstream to test for sure. Keeping seccomp disabled for bind-tools since it breaks cross-compilation and fixing it isn't very important.
---
 .../coreos-overlay/profiles/coreos/arm64/use.mask | 2 ++
 .../coreos-overlay/profiles/coreos/base/make.defaults | 4 ++++
 .../profiles/coreos/targets/generic/package.use | 7 ++++---
 3 files changed, 10 insertions(+), 3 deletions(-)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/use.mask

diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/use.mask b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/use.mask
new file mode 100644
index 0000000000..1f68389902
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/use.mask
@@ -0,0 +1,2 @@
+# TODO(marineam): remove after portage-stable/profiles is updated.
+-seccomp
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults
index 228ca622e9..36dbf9e60d 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults
@@ -32,6 +32,10 @@ USE="${USE} -zeroconf"
 # No need for OpenMP support in GCC and other apps
 USE="${USE} -openmp"
+# Test enabling seccomp globally prior to syncing other profile changes.
+# TODO(marineam): remove after portage-stable/profiles is updated.
+USE="${USE} seccomp"
+
 # Set SELinux policy
 POLICY_TYPES="targeted mcs mls"
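Review bot: The `-seccomp` line in the new arm64/use.mask un-masks the flag (a leading `-` in a Portage use.mask removes a mask inherited from a parent profile) rather than turning it off, which is the opposite of what the same token means in package.use, so the TODO comment should spell that out, e.g. `# Un-mask seccomp on arm64 (presumably masked by the current portage-stable arm64 profile) so the global USE=seccomp in base/make.defaults takes effect.` The only evidence on this page that the parent profile masks it is the TODO itself, so confirm the parent profile's mask before relying on this file.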
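Review bot: The new global `USE="${USE} seccomp"` has no effect on any architecture whose parent profile masks the flag, and the commit only handles arm64 through the new use.mask file, so the comment here should name that dependency so a later cleanup doesn't drop one half without the other, e.g. `# Relies on profiles/coreos/arm64/use.mask un-masking the flag for arm64.` Since this changes the USE set for every package that exposes a seccomp flag, not only the docker/containerd entries removed from package.use, it's worth checking the effective flags on a native and a cross build before the portage-stable sync instead of assuming the two targets agree.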
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use
index e6a81f1aac..1142d571d4 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use
@@ -41,7 +41,8 @@ app-shells/bash -net vanilla
 # disable nss utilities
 dev-libs/nss -utils
-# enable seccomp support in docker
-app-emulation/docker seccomp
-app-emulation/containerd seccomp
+# needed by docker
 sys-libs/libseccomp static-libs
+
+# bind-tools' configure script breaks when cross-compiling with seccomp enabled
+net-dns/bind-tools -seccomp
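Review bot: `net-dns/bind-tools -seccomp` disables the flag for every build of that package, not only the cross-compiled ones the comment mentions, so bind-tools ships without whatever seccomp confinement its ebuild would otherwise enable on native builds too; the comment should state that scope and the intended follow-up, e.g. `# bind-tools' configure script breaks when cross-compiling with seccomp enabled; disabled for all builds until that is fixed.` The removed per-package docker/containerd `seccomp` entries are now covered by the global flag in base/make.defaults, which only holds as long as that file and this one are kept in sync. The replacement comment `# needed by docker` now describes just the `sys-libs/libseccomp static-libs` line, which matches the remaining entry.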