tsgates / mbox

A lightweight sandbox tool for non-root users
http://pdos.csail.mit.edu/mbox/

unable to build in Centos #9

Open doomedramen opened 10 years ago

doomedramen commented 10 years ago

I have been unable to build on any machines running CentOS Linux.

NOTE: I ran export C_INCLUDE_PATH=/usr/src/kernels/3.4.68-9.el6.centos.alt.x86_64/include to include linux/seccomp.h


cc -DHAVE_CONFIG_H -I. -I./linux/x86_64 -I./linux -I./linux -lcrypto -Wall -Wwrite-strings -g -O2 -MT mbox.o -MD -MP -MF .deps/mbox.Tpo -c -o mbox.o mbox.c
In file included from /usr/include/asm/ptrace-abi.h:84,
                 from /usr/include/asm/ptrace.h:5,
                 from defs.h:166,
                 from mbox.c:31:
/usr/src/kernels/3.4.68-9.el6.centos.alt.x86_64/include/linux/types.h:13:2: warning: #warning "Attempt to use kernel headers from user space, see http://kernelnewbies.org/KernelHeaders"
In file included from mbox.c:50:
bpf-syscall.h:4: error: invalid use of undefined type ‘struct seccomp_data’
bpf-syscall.h:5: error: ‘SECCOMP_RET_TRACE’ undeclared here (not in a function)
bpf-syscall.h:66: error: ‘SECCOMP_RET_ALLOW’ undeclared here (not in a function)
mbox.c: In function ‘install_seccomp’:
mbox.c:289: error: ‘PR_SET_NO_NEW_PRIVS’ undeclared (first use in this function)
mbox.c:289: error: (Each undeclared identifier is reported only once
mbox.c:289: error: for each function it appears in.)
mbox.c:289: warning: passing argument 1 of ‘prctl’ makes integer from pointer without a cast
/usr/include/sys/prctl.h:28: note: expected ‘int’ but argument is of type ‘struct sock_filter *’
mbox.c:292: error: ‘SECCOMP_MODE_FILTER’ undeclared (first use in this function)
make[1]: *** [mbox.o] Error 1
make[1]: Leaving directory `/opt/mbox/src'
make: *** [all] Error 2

tsgates commented 10 years ago

Could you check if current CentOS supports SECCOMP?

CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
CONFIG_SECCOMP_FILTER=y
CONFIG_SECCOMP=y

In fact, you shouldn't have a problem if you disable seccomp, which is just a perf optimization.

doomedramen commented 10 years ago

It appears SECCOMP is not supported by the current CentOS RHEL kernel. I am not a C dev, do you know how to disable this optimisation?

Thanks

nleng commented 9 years ago

I have a similar issue on Debian 7. First, the seccomp.h was not found because it was not in /include/linux/ but in /include/. But this seccomp.h looks completely different to the one on my other Ubuntu system, where the installations worked. E.g. it has no "struct seccomp_data". So I corrected the path and copied all missing definitions to the Debian seccomp.h. Then the build seemed to be working, but when I try to use it:

mbox: PTRACE_SETOPTIONS: Invalid argument

or with -s option:

mbox: prctl(NO_NEW_PRIVS): Invalid argument

Any ideas? Thanks!

nleng commented 9 years ago

After upgrading to Debian 8.0 it is working. I really like how uncomplicated the usage is (when it works :P).

tsgates commented 9 years ago

Thanks. I was planning to check this thread next week. I don't have to then :)
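
The build and runtime errors in this thread come down to whether the running kernel knows no_new_privs and seccomp filter mode, regardless of which headers were found or patched. The probe below is an added example, not part of the thread or of mbox's code; it asks the kernel directly. The fallback constants are the upstream Linux UAPI values, and the function and enum names are made up for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>

/* Fallbacks for systems whose headers predate these options
 * (values from the upstream Linux UAPI headers). */
#ifndef PR_GET_NO_NEW_PRIVS
#define PR_GET_NO_NEW_PRIVS 39
#endif
#ifndef PR_SET_SECCOMP
#define PR_SET_SECCOMP 22
#endif
#ifndef SECCOMP_MODE_FILTER
#define SECCOMP_MODE_FILTER 2
#endif

enum support { UNKNOWN = -1, UNSUPPORTED = 0, SUPPORTED = 1 };

/* PR_GET_NO_NEW_PRIVS returns 0 or 1 when the kernel knows the option
 * and fails with EINVAL when it does not. */
enum support classify_nnp(int rc, int err)
{
    if (rc == 0 || rc == 1) return SUPPORTED;
    return err == EINVAL ? UNSUPPORTED : UNKNOWN;
}

/* A NULL filter installs nothing: EFAULT means the kernel got as far as
 * copying the filter (mode known), EINVAL means the mode is unknown. */
enum support classify_filter(int rc, int err)
{
    if (rc == -1 && err == EFAULT) return SUPPORTED;
    if (rc == -1 && err == EINVAL) return UNSUPPORTED;
    return UNKNOWN; /* e.g. blocked by an outer sandbox */
}

enum support probe_no_new_privs(void)
{
    int rc = prctl(PR_GET_NO_NEW_PRIVS, 0UL, 0UL, 0UL, 0UL);
    return classify_nnp(rc, errno);
}

enum support probe_seccomp_filter(void)
{
    int rc = prctl(PR_SET_SECCOMP, (unsigned long)SECCOMP_MODE_FILTER, NULL);
    return classify_filter(rc, errno);
}

int main(void)
{
    printf("no_new_privs:   %d\n", probe_no_new_privs());
    printf("seccomp filter: %d\n", probe_seccomp_filter());
    return 0;
}
```

A result of 0 for either line means copying definitions into a header cannot help: the kernel itself rejects the call with "Invalid argument".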