1# Copyright (c) 2012 The Chromium OS Authors. All rights reserved. 2# Use of this source code is governed by a BSD-style license that can be 3# found in the LICENSE file. 4 5BASE_VER=0 6include common.mk 7 8LIBDIR ?= /lib 9PRELOADNAME = libminijailpreload.so 10PRELOADPATH = "$(LIBDIR)/$(PRELOADNAME)" 11CPPFLAGS += -DPRELOADPATH='$(PRELOADPATH)' 12 13# We don't build static libs by default. 14BUILD_STATIC_LIBS ?= no 15 16# Defines the pivot root path used by the minimalistic-mountns profile. 17DEFAULT_PIVOT_ROOT ?= /var/empty 18CPPFLAGS += -DDEFAULT_PIVOT_ROOT='"$(DEFAULT_PIVOT_ROOT)"' 19 20ifeq ($(USE_seccomp),no) 21CPPFLAGS += -DUSE_SECCOMP_SOFTFAIL 22endif 23 24BLOCK_NOEXEC_CONF ?= no 25ifeq ($(BLOCK_NOEXEC_CONF),yes) 26CPPFLAGS += -DBLOCK_NOEXEC_CONF 27endif 28 29ENFORCE_ROOTFS_CONF ?= no 30ifeq ($(ENFORCE_ROOTFS_CONF),yes) 31CPPFLAGS += -DENFORCE_ROOTFS_CONF 32endif 33 34# Allow people to use -L and related flags. 35ALLOW_DEBUG_LOGGING ?= yes 36ifeq ($(ALLOW_DEBUG_LOGGING),yes) 37CPPFLAGS += -DALLOW_DEBUG_LOGGING 38ifeq ($(SECCOMP_DEFAULT_RET_LOG),yes) 39CPPFLAGS += -DSECCOMP_DEFAULT_RET_LOG 40endif 41endif 42 43ifeq ($(USE_ASAN),yes) 44CPPFLAGS += -fsanitize=address -fno-omit-frame-pointer 45LDFLAGS += -fsanitize=address -fno-omit-frame-pointer 46USE_EXIT_ON_DIE = yes 47endif 48 49# Setting this flag can be useful for both AddressSanitizer builds and running 50# fuzzing tools, which do not expect crashes on gracefully-handled malformed 51# inputs. 52ifeq ($(USE_EXIT_ON_DIE),yes) 53CPPFLAGS += -DUSE_EXIT_ON_DIE 54endif 55 56# Setting this flag allows duplicate syscalls definitions for seccomp filters. 57ifeq ($(ALLOW_DUPLICATE_SYSCALLS),yes) 58CPPFLAGS += -DALLOW_DUPLICATE_SYSCALLS 59endif 60 61MJ_COMMON_FLAGS = -Wunused-parameter -Wextra -Wno-missing-field-initializers 62CFLAGS += $(MJ_COMMON_FLAGS) 63CXXFLAGS += $(MJ_COMMON_FLAGS) 64 65# Dependencies that all gtest based unittests should have. 66UNITTEST_LIBS := -lcap 67UNITTEST_DEPS := testrunner.o test_util.o 68 69USE_SYSTEM_GTEST ?= no 70ifeq ($(USE_SYSTEM_GTEST),no) 71GTEST_CXXFLAGS := -std=gnu++14 72GTEST_LIBS := gtest.a 73UNITTEST_DEPS += $(GTEST_LIBS) 74else 75GTEST_CXXFLAGS := $(shell gtest-config --cxxflags 2>/dev/null || \ 76 echo "-pthread") 77GTEST_LIBS := $(shell gtest-config --libs 2>/dev/null || \ 78 echo "-lgtest -pthread -lpthread") 79endif 80UNITTEST_LIBS += $(GTEST_LIBS) 81 82CORE_OBJECT_FILES := libminijail.o syscall_filter.o signal_handler.o \ 83 bpf.o util.o system.o syscall_wrapper.o \ 84 config_parser.o libconstants.gen.o libsyscalls.gen.o 85UNITTEST_DEPS += $(CORE_OBJECT_FILES) 86 87all: CC_BINARY(minijail0) CC_LIBRARY(libminijail.so) \ 88 CC_LIBRARY(libminijailpreload.so) 89 90parse_seccomp_policy: CXX_BINARY(parse_seccomp_policy) 91dump_constants: CXX_STATIC_BINARY(dump_constants) 92 93tests: TEST(CXX_BINARY(libminijail_unittest)) \ 94 TEST(CXX_BINARY(minijail0_cli_unittest)) \ 95 TEST(CXX_BINARY(syscall_filter_unittest)) \ 96 TEST(CXX_BINARY(system_unittest)) \ 97 TEST(CXX_BINARY(util_unittest)) \ 98 TEST(CXX_BINARY(config_parser_unittest)) 99 100CC_BINARY(minijail0): LDLIBS += -lcap -ldl 101CC_BINARY(minijail0): $(CORE_OBJECT_FILES) \ 102 elfparse.o minijail0.o minijail0_cli.o 103clean: CLEAN(minijail0) 104 105 106CC_LIBRARY(libminijail.so): LDLIBS += -lcap 107CC_LIBRARY(libminijail.so): $(CORE_OBJECT_FILES) 108clean: CLEAN(libminijail.so) 109 110CC_STATIC_LIBRARY(libminijail.pic.a): $(CORE_OBJECT_FILES) 111CC_STATIC_LIBRARY(libminijail.pie.a): $(CORE_OBJECT_FILES) 112clean: CLEAN(libminijail.*.a) 113 114ifeq ($(BUILD_STATIC_LIBS),yes) 115all: CC_STATIC_LIBRARY(libminijail.pic.a) CC_STATIC_LIBRARY(libminijail.pie.a) 116endif 117 118CXX_BINARY(libminijail_unittest): CXXFLAGS += -Wno-write-strings \ 119 $(GTEST_CXXFLAGS) 120CXX_BINARY(libminijail_unittest): LDLIBS += $(UNITTEST_LIBS) 121CXX_BINARY(libminijail_unittest): $(UNITTEST_DEPS) libminijail_unittest.o 122clean: CLEAN(libminijail_unittest) 123 124TEST(CXX_BINARY(libminijail_unittest)): CC_LIBRARY(libminijailpreload.so) 125 126 127CC_LIBRARY(libminijailpreload.so): LDLIBS += -lcap -ldl 128CC_LIBRARY(libminijailpreload.so): libminijailpreload.o $(CORE_OBJECT_FILES) 129clean: CLEAN(libminijailpreload.so) 130 131 132CXX_BINARY(minijail0_cli_unittest): CXXFLAGS += $(GTEST_CXXFLAGS) 133CXX_BINARY(minijail0_cli_unittest): LDLIBS += $(UNITTEST_LIBS) 134CXX_BINARY(minijail0_cli_unittest): $(UNITTEST_DEPS) minijail0_cli_unittest.o \ 135 minijail0_cli.o elfparse.o 136clean: CLEAN(minijail0_cli_unittest) 137 138 139CXX_BINARY(config_parser_unittest): CXXFLAGS += $(GTEST_CXXFLAGS) 140CXX_BINARY(config_parser_unittest): LDLIBS += $(UNITTEST_LIBS) 141CXX_BINARY(config_parser_unittest): $(UNITTEST_DEPS) config_parser_unittest.o 142clean: CLEAN(config_parser_unittest) 143 144CXX_BINARY(syscall_filter_unittest): CXXFLAGS += -Wno-write-strings \ 145 $(GTEST_CXXFLAGS) 146CXX_BINARY(syscall_filter_unittest): LDLIBS += $(UNITTEST_LIBS) 147CXX_BINARY(syscall_filter_unittest): $(UNITTEST_DEPS) syscall_filter_unittest.o 148clean: CLEAN(syscall_filter_unittest) 149 150 151CXX_BINARY(system_unittest): CXXFLAGS += $(GTEST_CXXFLAGS) 152CXX_BINARY(system_unittest): LDLIBS += $(UNITTEST_LIBS) 153CXX_BINARY(system_unittest): $(UNITTEST_DEPS) system_unittest.o 154clean: CLEAN(system_unittest) 155 156 157CXX_BINARY(util_unittest): CXXFLAGS += $(GTEST_CXXFLAGS) 158CXX_BINARY(util_unittest): LDLIBS += $(UNITTEST_LIBS) 159CXX_BINARY(util_unittest): $(UNITTEST_DEPS) util_unittest.o 160clean: CLEAN(util_unittest) 161 162 163CXX_BINARY(parse_seccomp_policy): parse_seccomp_policy.o syscall_filter.o \ 164 bpf.o util.o libconstants.gen.o libsyscalls.gen.o 165clean: CLEAN(parse_seccomp_policy) 166 167 168# Compiling dump_constants as a static executable makes it easy to run under 169# qemu-user, which in turn simplifies cross-compiling bpf policies. 170CXX_STATIC_BINARY(dump_constants): dump_constants.o \ 171 libconstants.gen.o libsyscalls.gen.o 172clean: CLEAN(dump_constants) 173 174 175constants.json: CXX_STATIC_BINARY(dump_constants) 176 ./dump_constants > $@ 177clean: CLEANFILE(constants.json) 178 179 180libsyscalls.gen.o: CPPFLAGS += -I$(SRC) 181 182libsyscalls.gen.o.depends: libsyscalls.gen.c 183 184# Only regenerate libsyscalls.gen.c if the Makefile or header changes. 185# NOTE! This will not detect if the file is not appropriate for the target. 186libsyscalls.gen.c: $(SRC)/libsyscalls.h $(SRC)/Makefile 187 @/bin/echo -e "GEN $(subst $(SRC)/,,$<) -> $@" 188 $(QUIET)CC="$(CC)" $(SRC)/gen_syscalls.sh "$@" 189clean: CLEAN(libsyscalls.gen.c) 190 191$(eval $(call add_object_rules,libsyscalls.gen.o,CC,c,CFLAGS)) 192 193libconstants.gen.o: CPPFLAGS += -I$(SRC) 194 195libconstants.gen.o.depends: libconstants.gen.c 196 197# Only regenerate libconstants.gen.c if the Makefile or header changes. 198# NOTE! This will not detect if the file is not appropriate for the target. 199libconstants.gen.c: $(SRC)/libconstants.h $(SRC)/Makefile 200 @/bin/echo -e "GEN $(subst $(SRC)/,,$<) -> $@" 201 $(QUIET)CC="$(CC)" $(SRC)/gen_constants.sh "$@" 202clean: CLEAN(libconstants.gen.c) 203 204$(eval $(call add_object_rules,libconstants.gen.o,CC,c,CFLAGS)) 205 206 207################################################################################ 208# Google Test 209 210ifeq ($(USE_SYSTEM_GTEST),no) 211# Points to the root of Google Test, relative to where this file is. 212# Remember to tweak this if you move this file. 213GTEST_DIR = googletest-release-1.11.0/googletest 214 215# Flags passed to the preprocessor. 216# Set Google Test's header directory as a system directory, such that 217# the compiler doesn't generate warnings in Google Test headers. 218CPPFLAGS += -isystem $(GTEST_DIR)/include 219 220# Flags passed to the C++ compiler. 221GTEST_CXXFLAGS += -pthread 222 223# All Google Test headers. Usually you shouldn't change this 224# definition. 225GTEST_HEADERS = $(GTEST_DIR)/include/gtest/*.h \ 226 $(GTEST_DIR)/include/gtest/internal/*.h 227 228# House-keeping build targets. 229clean: clean_gtest 230 231clean_gtest: 232 $(QUIET)rm -f gtest.a gtest_main.a *.o 233 234# Builds gtest.a and gtest_main.a. 235 236# Usually you shouldn't tweak such internal variables, indicated by a 237# trailing _. 238GTEST_SRCS_ = $(GTEST_DIR)/src/*.cc $(GTEST_DIR)/src/*.h $(GTEST_HEADERS) 239 240# For simplicity and to avoid depending on Google Test's 241# implementation details, the dependencies specified below are 242# conservative and not optimized. This is fine as Google Test 243# compiles fast and for ordinary users its source rarely changes. 244gtest-all.o : $(GTEST_SRCS_) 245 $(CXX) $(CPPFLAGS) -I$(GTEST_DIR) $(CXXFLAGS) $(GTEST_CXXFLAGS) -c \ 246 $(GTEST_DIR)/src/gtest-all.cc -o $@ 247 248gtest_main.o : $(GTEST_SRCS_) 249 $(CXX) $(CPPFLAGS) -I$(GTEST_DIR) $(CXXFLAGS) $(GTEST_CXXFLAGS) -c \ 250 $(GTEST_DIR)/src/gtest_main.cc -o $@ 251 252gtest.a : gtest-all.o 253 $(AR) $(ARFLAGS) $@ $^ 254 255gtest_main.a : gtest-all.o gtest_main.o 256 $(AR) $(ARFLAGS) $@ $^ 257 258endif 259################################################################################ 260