Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / 40025ff859d65f1a50ae38b20841f9e0a908050b^! / . / third_party / cap / cap.bzl
commit40025ff859d65f1a50ae38b20841f9e0a908050b[log] [tgz]
authorLorenz Brun <lorenz@monogon.tech>Tue Aug 31 13:06:02 2021 +0200
committerLorenz Brun <lorenz@monogon.tech>Wed Sep 01 10:33:39 2021 +0000
tree4a81af38eea054baf3cada86a1a94a572096e683
parent031243f5a276726080a92410f7d3503e5870ed49 [diff] [blame]
third_party/cap: initialize

This adds libcap which is needed for any chance at running chrony as non-root.

Upstream contains a multi-stage codegen based on various external utilities
which has been replaced by a clean Go script. Upstream is capable of also
using gperf to generate hash tables for faster lookups, but due to the
extremely low amount of items (~40) and the additional complexity this is
not enabled.

This is not tested standalone, but it has been tested with chrony.

Change-Id: I638f6aea98158cd2e2838531a5a6125e724838f5
Reviewed-on: https://review.monogon.dev/c/monogon/+/317
Reviewed-by: Sergiusz Bazanski <serge@monogon.tech>

diff --git a/third_party/cap/cap.bzl b/third_party/cap/cap.bzl
new file mode 100644
index 0000000..459c89b
--- /dev/null
+++ b/third_party/cap/cap.bzl

@@ -0,0 +1,52 @@
+#  Copyright 2021 The Monogon Project Authors.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+load("@rules_cc//cc:defs.bzl", "cc_library")
+load("@io_bazel_rules_go//go:def.bzl", "go_binary")
+
+cc_library(
+    name = "cap",
+    srcs = [
+        "cap_alloc.c",
+        "cap_extint.c",
+        "cap_file.c",
+        "cap_flag.c",
+        "cap_proc.c",
+        "cap_text.c",
+    ] + glob(["include/sys/*.h"]),  # UAPI is intentionally excluded as we want it from our own kernel headers
+    hdrs = ["libcap.h", ":cap_names.h"],
+    visibility = ["//visibility:public"],
+    includes = [".", "include"],
+)
+
+go_binary(
+    name = "makenames",
+    srcs = ["makenames.go"],
+)
+
+genrule(
+    name = "cap_names_hdr",
+    srcs = [
+        "include/uapi/linux/capability.h",
+    ],
+    outs = [
+        "cap_names.h",
+    ],
+    cmd = "$(location :makenames) \"$(location include/uapi/linux/capability.h)\" \"$@\"",
+    tools = [
+        ":makenames",
+    ],
+)