blob: 86c16c8816663810d221b2c14dc0203a6b0d5ace [file] [log] [blame]
# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
BASE_VER=0
include common.mk
LIBDIR ?= /lib
PRELOADNAME = libminijailpreload.so
PRELOADPATH = "$(LIBDIR)/$(PRELOADNAME)"
CPPFLAGS += -DPRELOADPATH='$(PRELOADPATH)'
# Defines the pivot root path used by the minimalistic-mountns profile.
DEFAULT_PIVOT_ROOT ?= /var/empty
CPPFLAGS += -DDEFAULT_PIVOT_ROOT='"$(DEFAULT_PIVOT_ROOT)"'
ifeq ($(USE_seccomp),no)
CPPFLAGS += -DUSE_SECCOMP_SOFTFAIL
endif
# Allow people to use -L and related flags.
ALLOW_DEBUG_LOGGING ?= yes
ifeq ($(ALLOW_DEBUG_LOGGING),yes)
CPPFLAGS += -DALLOW_DEBUG_LOGGING
ifeq ($(SECCOMP_DEFAULT_RET_LOG),yes)
CPPFLAGS += -DSECCOMP_DEFAULT_RET_LOG
endif
endif
ifeq ($(USE_ASAN),yes)
CPPFLAGS += -fsanitize=address -fno-omit-frame-pointer
LDFLAGS += -fsanitize=address -fno-omit-frame-pointer
USE_EXIT_ON_DIE = yes
endif
# Setting this flag can be useful for both AddressSanitizer builds and running
# fuzzing tools, which do not expect crashes on gracefully-handled malformed
# inputs.
ifeq ($(USE_EXIT_ON_DIE),yes)
CPPFLAGS += -DUSE_EXIT_ON_DIE
endif
# Setting this flag allows duplicate syscalls definitions for seccomp filters.
ifeq ($(ALLOW_DUPLICATE_SYSCALLS),yes)
CPPFLAGS += -DALLOW_DUPLICATE_SYSCALLS
endif
MJ_COMMON_FLAGS = -Wunused-parameter -Wextra -Wno-missing-field-initializers
CFLAGS += $(MJ_COMMON_FLAGS)
CXXFLAGS += $(MJ_COMMON_FLAGS)
USE_SYSTEM_GTEST ?= no
ifeq ($(USE_SYSTEM_GTEST),no)
GTEST_CXXFLAGS := -std=gnu++14
GTEST_LIBS := gtest.a
else
GTEST_CXXFLAGS := $(shell gtest-config --cxxflags 2>/dev/null || \
echo "-pthread")
GTEST_LIBS := $(shell gtest-config --libs 2>/dev/null || \
echo "-lgtest -pthread -lpthread")
endif
CORE_OBJECT_FILES := libminijail.o syscall_filter.o signal_handler.o \
bpf.o util.o system.o syscall_wrapper.o \
libconstants.gen.o libsyscalls.gen.o
all: CC_BINARY(minijail0) CC_LIBRARY(libminijail.so) \
CC_LIBRARY(libminijailpreload.so)
parse_seccomp_policy: CXX_BINARY(parse_seccomp_policy)
dump_constants: CXX_STATIC_BINARY(dump_constants)
tests: TEST(CXX_BINARY(libminijail_unittest)) \
TEST(CXX_BINARY(minijail0_cli_unittest)) \
TEST(CXX_BINARY(syscall_filter_unittest)) \
TEST(CXX_BINARY(system_unittest)) \
TEST(CXX_BINARY(util_unittest)) \
CC_BINARY(minijail0): LDLIBS += -lcap -ldl
CC_BINARY(minijail0): $(CORE_OBJECT_FILES) \
elfparse.o minijail0.o minijail0_cli.o
clean: CLEAN(minijail0)
CC_LIBRARY(libminijail.so): LDLIBS += -lcap
CC_LIBRARY(libminijail.so): $(CORE_OBJECT_FILES)
clean: CLEAN(libminijail.so)
CC_STATIC_LIBRARY(libminijail.pic.a): $(CORE_OBJECT_FILES)
CC_STATIC_LIBRARY(libminijail.pie.a): $(CORE_OBJECT_FILES)
clean: CLEAN(libminijail.*.a)
CXX_BINARY(libminijail_unittest): CXXFLAGS += -Wno-write-strings \
$(GTEST_CXXFLAGS)
CXX_BINARY(libminijail_unittest): LDLIBS += -lcap $(GTEST_LIBS)
ifeq ($(USE_SYSTEM_GTEST),no)
CXX_BINARY(libminijail_unittest): $(GTEST_LIBS)
endif
CXX_BINARY(libminijail_unittest): libminijail_unittest.o $(CORE_OBJECT_FILES) \
testrunner.o
clean: CLEAN(libminijail_unittest)
TEST(CXX_BINARY(libminijail_unittest)): CC_LIBRARY(libminijailpreload.so)
CC_LIBRARY(libminijailpreload.so): LDLIBS += -lcap -ldl
CC_LIBRARY(libminijailpreload.so): libminijailpreload.o $(CORE_OBJECT_FILES)
clean: CLEAN(libminijailpreload.so)
CXX_BINARY(minijail0_cli_unittest): CXXFLAGS += $(GTEST_CXXFLAGS)
CXX_BINARY(minijail0_cli_unittest): LDLIBS += -lcap $(GTEST_LIBS)
ifeq ($(USE_SYSTEM_GTEST),no)
CXX_BINARY(minijail0_cli_unittest): $(GTEST_LIBS)
endif
CXX_BINARY(minijail0_cli_unittest): minijail0_cli_unittest.o \
$(CORE_OBJECT_FILES) minijail0_cli.o elfparse.o testrunner.o
clean: CLEAN(minijail0_cli_unittest)
CXX_BINARY(syscall_filter_unittest): CXXFLAGS += -Wno-write-strings \
$(GTEST_CXXFLAGS)
CXX_BINARY(syscall_filter_unittest): LDLIBS += -lcap $(GTEST_LIBS)
ifeq ($(USE_SYSTEM_GTEST),no)
CXX_BINARY(syscall_filter_unittest): $(GTEST_LIBS)
endif
CXX_BINARY(syscall_filter_unittest): syscall_filter_unittest.o \
$(CORE_OBJECT_FILES) testrunner.o
clean: CLEAN(syscall_filter_unittest)
CXX_BINARY(system_unittest): CXXFLAGS += $(GTEST_CXXFLAGS)
CXX_BINARY(system_unittest): LDLIBS += -lcap $(GTEST_LIBS)
ifeq ($(USE_SYSTEM_GTEST),no)
CXX_BINARY(system_unittest): $(GTEST_LIBS)
endif
CXX_BINARY(system_unittest): system_unittest.o \
$(CORE_OBJECT_FILES) testrunner.o
clean: CLEAN(system_unittest)
CXX_BINARY(util_unittest): CXXFLAGS += $(GTEST_CXXFLAGS)
CXX_BINARY(util_unittest): LDLIBS += -lcap $(GTEST_LIBS)
ifeq ($(USE_SYSTEM_GTEST),no)
CXX_BINARY(util_unittest): $(GTEST_LIBS)
endif
CXX_BINARY(util_unittest): util_unittest.o \
$(CORE_OBJECT_FILES) testrunner.o
clean: CLEAN(util_unittest)
CXX_BINARY(parse_seccomp_policy): parse_seccomp_policy.o syscall_filter.o \
bpf.o util.o libconstants.gen.o libsyscalls.gen.o
clean: CLEAN(parse_seccomp_policy)
# Compiling dump_constants as a static executable makes it easy to run under
# qemu-user, which in turn simplifies cross-compiling bpf policies.
CXX_STATIC_BINARY(dump_constants): dump_constants.o \
libconstants.gen.o libsyscalls.gen.o
clean: CLEAN(dump_constants)
constants.json: CXX_STATIC_BINARY(dump_constants)
./dump_constants > $@
clean: CLEANFILE(constants.json)
libsyscalls.gen.o: CPPFLAGS += -I$(SRC)
libsyscalls.gen.o.depends: libsyscalls.gen.c
# Only regenerate libsyscalls.gen.c if the Makefile or header changes.
# NOTE! This will not detect if the file is not appropriate for the target.
libsyscalls.gen.c: $(SRC)/Makefile $(SRC)/libsyscalls.h
@printf "Generating target-arch specific $@...\n"
$(QUIET)CC="$(CC)" $(SRC)/gen_syscalls.sh "$@"
@printf "$@ done.\n"
clean: CLEAN(libsyscalls.gen.c)
$(eval $(call add_object_rules,libsyscalls.gen.o,CC,c,CFLAGS))
libconstants.gen.o: CPPFLAGS += -I$(SRC)
libconstants.gen.o.depends: libconstants.gen.c
# Only regenerate libconstants.gen.c if the Makefile or header changes.
# NOTE! This will not detect if the file is not appropriate for the target.
libconstants.gen.c: $(SRC)/Makefile $(SRC)/libconstants.h
@printf "Generating target-arch specific $@...\n"
$(QUIET)CC="$(CC)" $(SRC)/gen_constants.sh "$@"
@printf "$@ done.\n"
clean: CLEAN(libconstants.gen.c)
$(eval $(call add_object_rules,libconstants.gen.o,CC,c,CFLAGS))
################################################################################
# Google Test
ifeq ($(USE_SYSTEM_GTEST),no)
# Points to the root of Google Test, relative to where this file is.
# Remember to tweak this if you move this file.
GTEST_DIR = googletest-release-1.10.0/googletest
# Flags passed to the preprocessor.
# Set Google Test's header directory as a system directory, such that
# the compiler doesn't generate warnings in Google Test headers.
CPPFLAGS += -isystem $(GTEST_DIR)/include
# Flags passed to the C++ compiler.
GTEST_CXXFLAGS += -pthread
# All Google Test headers. Usually you shouldn't change this
# definition.
GTEST_HEADERS = $(GTEST_DIR)/include/gtest/*.h \
$(GTEST_DIR)/include/gtest/internal/*.h
# House-keeping build targets.
clean: clean_gtest
clean_gtest:
rm -f gtest.a gtest_main.a *.o
# Builds gtest.a and gtest_main.a.
# Usually you shouldn't tweak such internal variables, indicated by a
# trailing _.
GTEST_SRCS_ = $(GTEST_DIR)/src/*.cc $(GTEST_DIR)/src/*.h $(GTEST_HEADERS)
# For simplicity and to avoid depending on Google Test's
# implementation details, the dependencies specified below are
# conservative and not optimized. This is fine as Google Test
# compiles fast and for ordinary users its source rarely changes.
gtest-all.o : $(GTEST_SRCS_)
$(CXX) $(CPPFLAGS) -I$(GTEST_DIR) $(CXXFLAGS) $(GTEST_CXXFLAGS) -c \
$(GTEST_DIR)/src/gtest-all.cc -o $@
gtest_main.o : $(GTEST_SRCS_)
$(CXX) $(CPPFLAGS) -I$(GTEST_DIR) $(CXXFLAGS) $(GTEST_CXXFLAGS) -c \
$(GTEST_DIR)/src/gtest_main.cc -o $@
gtest.a : gtest-all.o
$(AR) $(ARFLAGS) $@ $^
gtest_main.a : gtest-all.o gtest_main.o
$(AR) $(ARFLAGS) $@ $^
endif
################################################################################