This is a syscall table used for compiling Minijail policy files to
BPF. The compiler is available in the minijail-tools package. The
file is generated by compiling and running a small program named
dump_constants.
When cross-compiling, we have to get the syscall table for the host
platform. To do this, dump_constants is run under QEMU user emulation
for the appropriate platform. Google takes the same approach in their
minijail packages for ChromiumOS[1].
[1]: 729bd4269a/chromeos-base/minijail/minijail-9999.ebuild (49)
This is built from the same source as minijail, but is for all intents
and purposes a seperate package. It builds different things, with no
overlap, and is under a different license.
Hello,
New versions of all the skarnet.org packages are available.
This is mostly a bugfix release (there was an installation bug in
some circumstances with shared libraries) but some packages, notably
execline and s6, have new, useful features.
The new versions are the following:
skalibs-2.9.2.0
nsss-0.0.2.2
utmps-0.0.3.2
execline-2.6.0.0
s6-2.9.1.0
s6-rc-0.5.1.2
s6-linux-init-1.0.4.0
s6-dns-2.3.2.0
s6-networking-2.3.1.2
s6-portable-utils-2.2.2.2
s6-linux-utils-2.5.1.2
mdevd-0.1.1.2
bcnm-0.0.1.0
Here are details for the packages that have more than bugfixes:
* skalibs-2.9.2.0
---------------
- New header: skalibs/bigkv.h. It's a set of functions allowing
efficient lookups in a large set of strings (typically read from the
command line or the environment).
https://skarnet.org/software/skalibs/
git://git.skarnet.org/skalibs
* execline-2.6.0.0
----------------
- It's a major release because an API has been modified: dollarat.
Beforehand, dollarat's -0 option would always prevail over any -d
option. Now, dollarat has its conflicting -0 and -d options handled
in the conventional way, with rightmost priority.
- The runblock program now accepts a command line prefix, which is
given as runblock's own command line. This allows blocks to serve as
arguments to a new command, instead of having to be full command lines
by themselves.
- New binary: posix-umask.
- The former "cd" program is now named "execline-cd" and the former
"umask" program is named "execline-umask". When the=20
--enable-pedantic-posix
option is not given at configure time, "cd" and "umask" are symbolic
links created at installation time and pointing to execline-cd and
execline-umask respectively. When the --enable-pedantic-posix option is
given, the symbolic links point to posix-cd and posix-umask instead.
- With posix-cd and posix-umask (and the changes to wait done in the
previous version), execline is now fully POSIX-compliant when built with
the --enable-pedantic-posix option. This will certainly, without the
slightest hint of a doubt, change distributions' attitudes about it.
https://skarnet.org/software/execline/
git://git.skarnet.org/execline
* s6-2.9.1.0
----------
- A new '?' directive has been added to s6-log. It behaves exactly like
'!', except that it spawns the given processor with /bin/sh as an
interpreter instead of execlineb.
- execline support is now optional: it can be disabled by specifying
--disable-execline at configure time. Some functionality is unavailable
when execline support is disabled:
* s6-log's '!' directive
* s6-notifyoncheck's -c option
* s6-ipcserver-access's support for 'exec' directives in a ruleset
- A new -X option has been added to s6-svscan, to specify a descriptor
that will be passed as stderr to a service spawned by this s6-svscan and
named s6-svscan-log. This is used in the new s6-linux-init, to avoid
needing to hardcode the /dev/console name for the catch-all logger's
standard error.
- On systems that define SIGPWR and SIGWINCH, s6-svscan -s now diverts
those signals. This allows powerfail and kbrequest events to be handled
when s6-svscan runs as process 1.
https://skarnet.org/software/s6/
git://git.skarnet.org/s6
* s6-linux-init-1.0.4.0
---------------------
- New options have been added to s6-linux-init-maker: to support
running s6-linux-init without a catch-all logger, and to support running
it in a container.
- s6-linux-init-maker now adds a SIGPWR handler to the default image:
on receipt of a SIGPWR, the system's shutdown procedure is triggered.
- s6-linux-init now handles kbrequest, which triggers a SIGWINCH in
init when a special, configurable set of keys is pressed. By default,
no SIGWINCH handler is declared in the image, and no set of keys is
bound to kbrequest.
https://skarnet.org/software/s6-linux-init/
git://git.skarnet.org/s6-linux-init
* s6-dns-2.3.2.0
--------------
- New library: libdcache, implementing a clean cache structure
to contain DNS data. It's still not used at the moment.
https://skarnet.org/software/s6-dns/
git://git.skarnet.org/s6-dns
* bcnm-0.0.1.0
------------
- First numbered release, because the Ad=C3=A9lie Linux distribution,
which uses libwpactrl, needs an official release instead of pulling
from git.
- libwpactrl is a set of C functions helping control a wpa_supplicant
process.
- bcnm-waitif is a binary that waits for network interface state
events such as appearance/disappearance, up/down, running/not-running.
It is useful to avoid race conditions during a boot sequence, for
instance.
https://skarnet.org/software/bcnm/
git://git.skarnet.org/bcnm
Enjoy,
Bug-reports welcome.
--
Laurent