search

SubconsciousCompute / seccomp-pledge

seccomp-BPF filtering and pledge/unveil sandboxing for Linux
GNU Affero General Public License v3.0
4 stars 3 forks source link

Unable to Cross compile seccom-pledge for OpenWrt #5

Open mrdorababu opened 1 year ago

mrdorababu commented 1 year ago

Hi,

We are unable to cross-compile the project for OpenWrt. Please let us know what are the architectures it can support. The OpenWrt router we have has MIPS architecture.

processor : 1
cpu model : MIPS 1004Kc V2.15
BogoMIPS : 586.13
wait instruction : yes
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : yes
hardware watchpoint : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
isa : mips1 mips2 mips32r1 mips32r2
ASEs implemented : mips16 dsp mt
Options implemented : tlb 4kex 4k_cache prefetch mcheck ejtag llsc pindexed_dcache userlocal vint perf_cntr_intr_bit cdmm perf
shadow register sets : 1
kscratch registers : 0
package : 0
core : 0
VPE : 1
VCED exceptions : not available
VCEI exceptions : not available

processor : 2
cpu model : MIPS 1004Kc V2.15
BogoMIPS : 586.13
wait instruction : yes
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : yes
hardware watchpoint : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
isa : mips1 mips2 mips32r1 mips32r2
ASEs implemented : mips16 dsp mt
Options implemented : tlb 4kex 4k_cache prefetch mcheck ejtag llsc pindexed_dcache userlocal vint perf_cntr_intr_bit cdmm perf
shadow register sets : 1
kscratch registers : 0
package : 0
core : 1
VPE : 0
VCED exceptions : not available
VCEI exceptions : not available

processor : 3
cpu model : MIPS 1004Kc V2.15
BogoMIPS : 586.13
wait instruction : yes
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : yes
hardware watchpoint : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
isa : mips1 mips2 mips32r1 mips32r2
ASEs implemented : mips16 dsp mt
Options implemented : tlb 4kex 4k_cache prefetch mcheck ejtag llsc pindexed_dcache userlocal vint perf_cntr_intr_bit cdmm perf
shadow register sets : 1
kscratch registers : 0
package : 0
core : 1
VPE : 1
VCED exceptions : not available
VCEI exceptions : not available

- Following errors occurred while we build the project

dora@openwrtbuildpc:~/coderepo/openwrt/seccomp-pledge$ cargo build --release --target mips-unknown-linux-musl Compiling serde v1.0.152 Compiling libc v0.2.139 Compiling serde_json v1.0.91 Compiling itoa v1.0.5 Compiling ryu v1.0.12 Compiling optional-fields-serde-macro v0.1.1 Compiling optional-field v0.1.3 Compiling seccompiler v0.3.0 Compiling seccomp-pledge v0.1.0 (/home/dora/coderepo/openwrt/seccomp-pledge) error[E0432]: unresolved import seccompiler::BpfMap --> src/main.rs:2:5 | 2 | use seccompiler::BpfMap; | ^^^^^^^^^^^^^^^^^^^ no BpfMap in the root

error[E0433]: failed to resolve: could not find TargetArch in seccompiler --> src/main.rs:411:22 | 411 | seccompiler::TargetArch::x86_64, | ^^^^^^^^^^ could not find TargetArch in seccompiler

error[E0425]: cannot find function compile_from_json in crate seccompiler --> src/main.rs:409:66 | 409 | ...compiler::compile_from_json( | ^^^^^^^^^^^^^^^^^ not found in seccompiler

error[E0425]: cannot find function apply_filter in crate seccompiler --> src/main.rs:428:21 | 428 | if seccompiler::apply_filter(filter).is_err() { | ^^^^^^^^^^^^ not found in seccompiler

Some errors have detailed explanations: E0425, E0432, E0433. For more information about an error, try rustc --explain E0425. error: could not compile seccomp-pledge due to 4 previous errors dora@openwrtbuildpc:~/coderepo/openwrt/seccomp-pledge$


You can find the further details here 
https://www.notion.so/subcom/Daily-Logs-ef770c7e27f7457f875a198c65a5f604 

Please let us know how to solve these errors.
DeviousCilantro commented 1 year ago

This project utilizes the seccompiler crate which unfortunately only supports little-endian x86_64 and little-endian aarch64 host architectures, as specified in https://github.com/rust-vmm/seccompiler. Moreover, Justine Tunney's standalone pledge binary itself is an x86_64 ELF executable, so I am not sure even that would work on MIPS either.

sn99 commented 1 year ago

@DeviousCilantro ~It builds natively without cross compiling.~ Nvm, english ggs

I think the issue is in the linker during cross compiling, seccompiler doesn’t define a linker target for mips https://github.com/rust-vmm/seccompiler/blob/main/.cargo/config, I found this that can help though https://github.com/rust-lang/rust/issues/37507#issuecomment-476026815

sn99 commented 1 year ago

This library is only supported for x86_64 and aarch64.