commit d3efeb5bda50f751cbf20318d89a298ea541d101
parent 453bdbfe5389b1af02d5a38ec182bb293e8bdf83
Author: Jan Pobrislo <ccx@te2000.cz>
Date: Fri, 31 Oct 2025 07:32:20 +0000
Allow ptrace in pthbs-build
Diffstat:
17 files changed, 33 insertions(+), 33 deletions(-)
diff --git a/templates/pkg/container-bin-image b/templates/pkg/container-bin-image
@@ -17,7 +17,7 @@ img="$pthbs_destdir{{versions}}/$pthbs_package/container-bin-image"
mkdir -p "$img"
easyseccomp -i default-policy.easyseccomp -o "$img/seccomp-default.bpf"
easyseccomp -i default-policy.easyseccomp -d ALLOW_PTRACE -o "$img/seccomp-ptrace.bpf"
-easyseccomp -i default-policy.easyseccomp -d ALLOW_SECCOMP -d ALLOW_LANDLOCK -o "$img/seccomp-build.bpf"
+easyseccomp -i default-policy.easyseccomp -d ALLOW_PTRACE -d ALLOW_SECCOMP -d ALLOW_LANDLOCK -o "$img/seccomp-build.bpf"
easyseccomp -i default-policy.easyseccomp -d ALLOW_PTRACE -d ALLOW_SETUID_SETGID -o "$img/seccomp-xpra.bpf"
easyseccomp -i default-policy.easyseccomp -d ALLOW_SETUID_SETGID -o "$img/seccomp-setuidgid.bpf"
cd "$img"
diff --git a/variants/ccx-x86_64/container-bin-image b/variants/ccx-x86_64/container-bin-image
@@ -16,7 +16,7 @@ img="$pthbs_destdir/home/ccx/versions/$pthbs_package/container-bin-image"
mkdir -p "$img"
easyseccomp -i default-policy.easyseccomp -o "$img/seccomp-default.bpf"
easyseccomp -i default-policy.easyseccomp -d ALLOW_PTRACE -o "$img/seccomp-ptrace.bpf"
-easyseccomp -i default-policy.easyseccomp -d ALLOW_SECCOMP -d ALLOW_LANDLOCK -o "$img/seccomp-build.bpf"
+easyseccomp -i default-policy.easyseccomp -d ALLOW_PTRACE -d ALLOW_SECCOMP -d ALLOW_LANDLOCK -o "$img/seccomp-build.bpf"
easyseccomp -i default-policy.easyseccomp -d ALLOW_PTRACE -d ALLOW_SETUID_SETGID -o "$img/seccomp-xpra.bpf"
easyseccomp -i default-policy.easyseccomp -d ALLOW_SETUID_SETGID -o "$img/seccomp-setuidgid.bpf"
cd "$img"
diff --git a/variants/ccx-x86_64/containers b/variants/ccx-x86_64/containers
@@ -8,7 +8,7 @@
#+alpine-keys.58180943d1e4712df08cb1eae2454fafcf543d90ac169c524e84eef81df9af01
#+apk-tools.45eb1e70cdc4977e1c9c965f392b2a54e7b1b77485fdaf695d381dd062842d18
#+xbps.c27da8d06944b4584d922e84f3587e0507b59fb9b0bfd799d883551514b2ca24
-#+container-bin-image.50bb9f9cd0442b0c6968d62e6eb7e9f53dc527705139e8a89a67dc0861bdee29
+#+container-bin-image.ba85f16465283d50b8ff18e0e82726df49b22e0a8d9929b0e88a758382711dc5
#@git:b2ba08f728a01a5bac734c823016be77035ab687:containers
@@ -66,9 +66,9 @@ for f in '/home/ccx/versions/xbps.c27da8d06944b4584d922e84f3587e0507b59fb9b0bfd7
ln -sf "$f" "${dest}/deps/keys/void/"
done
-test -d '/home/ccx/versions/container-bin-image.50bb9f9cd0442b0c6968d62e6eb7e9f53dc527705139e8a89a67dc0861bdee29/container-bin-image'
-test -f '/home/ccx/versions/container-bin-image.50bb9f9cd0442b0c6968d62e6eb7e9f53dc527705139e8a89a67dc0861bdee29/container-bin-image/if'
-ln -sf '/home/ccx/versions/container-bin-image.50bb9f9cd0442b0c6968d62e6eb7e9f53dc527705139e8a89a67dc0861bdee29/container-bin-image' "${dest}/deps/"
+test -d '/home/ccx/versions/container-bin-image.ba85f16465283d50b8ff18e0e82726df49b22e0a8d9929b0e88a758382711dc5/container-bin-image'
+test -f '/home/ccx/versions/container-bin-image.ba85f16465283d50b8ff18e0e82726df49b22e0a8d9929b0e88a758382711dc5/container-bin-image/if'
+ln -sf '/home/ccx/versions/container-bin-image.ba85f16465283d50b8ff18e0e82726df49b22e0a8d9929b0e88a758382711dc5/container-bin-image' "${dest}/deps/"
diff --git a/variants/ccx-x86_64/containers.environment b/variants/ccx-x86_64/containers.environment
@@ -7,7 +7,7 @@
#+s6-linux-utils.664dc33ed8e500126bfb4e74c565990e8632879b9e165b09f7f48ac054c89a22
#+zsh.7a73a1599d87b3e354a0e58e4119f89b71fb053e261e36802af49d80ce8d9ba1
#+confz.f5eca9ab19f09818cfcd46267b61b488344983b0931114b597ad1238173fafcf
-#+containers.1349d05351c9c9d1d608b5d049018a159fb4e70044e66a832069bbae52aac266
+#+containers.71cd98edff323c709e1644584725e983519b8568fb09a672e38bea5a8241a412
#+xbps.c27da8d06944b4584d922e84f3587e0507b59fb9b0bfd799d883551514b2ca24
#+zstd.3aa7a31b787480effc16a34130b5199a5160b690d71ef0912b080d71e6031e88
#+apk-tools.45eb1e70cdc4977e1c9c965f392b2a54e7b1b77485fdaf695d381dd062842d18
diff --git a/variants/ccx-x86_64/default.environment b/variants/ccx-x86_64/default.environment
@@ -21,7 +21,7 @@
#+pthbs-banginstall.47e87f044eea270225da61ee7d709e01b2e6385fee494566c647cddac19e0592
#+aat.ce323557b768bcc986fbb1557fda1309637474ccd8b9b5e4c4a56ba56634d75a
#+confz.f5eca9ab19f09818cfcd46267b61b488344983b0931114b597ad1238173fafcf
-#+containers.1349d05351c9c9d1d608b5d049018a159fb4e70044e66a832069bbae52aac266
+#+containers.71cd98edff323c709e1644584725e983519b8568fb09a672e38bea5a8241a412
#+fileset.c9ce28ff816e023243d76d1bcb4d2b732f6b1f89c0cb9df15c1fd73880896a07
#+logincaps.de7defec936b2f4498a2010578eb507abfa6f48d6c51d0b64a9ada67cce50335
#+snaprep.c16cd20ecb28f90d83b6963a32a6f01f964fe5b99e75d7f3d9f0d2258899c26a
@@ -40,8 +40,8 @@
#+mlog.d3f90010a808d81d0e4e26efefd0b2325b395fd1b011f1d94cdc0be1cb017339
#+findutils.c80b9056e275f82f7d371a44035a3c11dd43faae948a696f9cea0cd681b76aef
#+nawk.24907cbb8100b37ab37723f0335e79103b0135b8ae6175e179b145bbdbe500e0
-#+system-config.dee9db00340b828719014279dfcaf5b33b9da83391a869a413c20c027faf9efb
-#+system-config-rc.9074fc18fc9743856ba5013be2388f9cb0b17368dd3088eab0bf617ecae53a4e
+#+system-config.4466138541cc9c6a970ea386e2a34852e49bb1de4096ba512a12eb22c82af519
+#+system-config-rc.ef5a3153d15263ab728561772399d79a4e3c955de08d533afb1ad1b291ba5977
#+system-config-scripts.6080239044e6d330a6ea9e01625ca9d04971775d95bfc60a336235e0a4b1d743
-#+system-config-init.2124e0228ff998217c0d696970d6505189d09fe451ed27586e370de767c58c6a
+#+system-config-init.6159b40338631191ea003e0476c490c0a6f11bfe72a88f014e3afdbc991c48e5
#+system-config-zsh.44342c96638209b72ed90af329e3f90445dd1c5f6ca837b3d735833a48d8dd34
\ No newline at end of file
diff --git a/variants/ccx-x86_64/system-config b/variants/ccx-x86_64/system-config
@@ -53,7 +53,7 @@ printf '%s\n' >config/etc/skel/loginexec \
chmod +x config/etc/skel/loginexec
env 'pthbs_path_system-config'="$prefix" \
- 'pthbs_path_containers=/home/ccx/versions/env.32a5340116bf058da12c047961d35071f75d3fecf761b99f4dccc8d2a507e12c' \
+ 'pthbs_path_containers=/home/ccx/versions/env.6710928241fdfd3ba0f0055676652269e279e5eda36331d86cc31b71341e577b' \
'pthbs_path_mdevd=/home/ccx/versions/env.9ae00761f91fce271a7a398052f458baa4884fd6dfd8e65a58014c19720d9548' \
make -j${JOBS:-1} -l$((1+${JOBS:-1})) all
diff --git a/variants/ccx-x86_64/system-config-init b/variants/ccx-x86_64/system-config-init
@@ -7,7 +7,7 @@
#+s6-portable-utils.945ba0fbba6153923f5a761abc154568d30fc1db69b26f03ead9fe248f87d351
#+s6-linux-init.30ee852e07291b5f3c94ed4037e403122037366bcc655a87f5527f1813332d62
#+execline.749fa9922ca7a4c505ca1b2c001625d161085c37c5ea75585fbddb321558157a
-#+system-config-rc.9074fc18fc9743856ba5013be2388f9cb0b17368dd3088eab0bf617ecae53a4e
+#+system-config-rc.ef5a3153d15263ab728561772399d79a4e3c955de08d533afb1ad1b291ba5977
# - build script start -
@@ -32,7 +32,7 @@ dest=${pthbs_destdir%/}${prefix}
cd '.'
-s6rcdb=/home/ccx/versions/system-config-rc.9074fc18fc9743856ba5013be2388f9cb0b17368dd3088eab0bf617ecae53a4e/config/s6-rc-db
+s6rcdb=/home/ccx/versions/system-config-rc.ef5a3153d15263ab728561772399d79a4e3c955de08d533afb1ad1b291ba5977/config/s6-rc-db
# Generate init (${dest} must not exist but parent dir does)
mkdir -p "$pthbs_destdir//home/ccx/versions"
diff --git a/variants/ccx-x86_64/system-config-rc b/variants/ccx-x86_64/system-config-rc
@@ -5,7 +5,7 @@
#+busybox-diffutils.f40ac7713836b6eaa4e46db3b7577b533f4738fb10bf732edc044ffc48eb9ec8
#+s6-rc.77ee4f3326027d4463fb531273c8b42b4d8f6fabba2d075e15e18eb2cb2a8c50
#+fileset.c9ce28ff816e023243d76d1bcb4d2b732f6b1f89c0cb9df15c1fd73880896a07
-#+system-config.dee9db00340b828719014279dfcaf5b33b9da83391a869a413c20c027faf9efb
+#+system-config.4466138541cc9c6a970ea386e2a34852e49bb1de4096ba512a12eb22c82af519
# - build script start -
@@ -15,7 +15,7 @@ dest=${pthbs_destdir%/}${prefix}
cd '.'
-src=/home/ccx/versions/system-config.dee9db00340b828719014279dfcaf5b33b9da83391a869a413c20c027faf9efb/config/s6-rc-source
+src=/home/ccx/versions/system-config.4466138541cc9c6a970ea386e2a34852e49bb1de4096ba512a12eb22c82af519/config/s6-rc-source
s6-rc-compile ./s6-rc-db "$src"
mkdir -p "$dest/config"
mv -v s6-rc-db "$dest/config/"
diff --git a/variants/ccx-x86_64/userspace.environment b/variants/ccx-x86_64/userspace.environment
@@ -21,7 +21,7 @@
#+pthbs-banginstall.47e87f044eea270225da61ee7d709e01b2e6385fee494566c647cddac19e0592
#+aat.ce323557b768bcc986fbb1557fda1309637474ccd8b9b5e4c4a56ba56634d75a
#+confz.f5eca9ab19f09818cfcd46267b61b488344983b0931114b597ad1238173fafcf
-#+containers.1349d05351c9c9d1d608b5d049018a159fb4e70044e66a832069bbae52aac266
+#+containers.71cd98edff323c709e1644584725e983519b8568fb09a672e38bea5a8241a412
#+fileset.c9ce28ff816e023243d76d1bcb4d2b732f6b1f89c0cb9df15c1fd73880896a07
#+logincaps.de7defec936b2f4498a2010578eb507abfa6f48d6c51d0b64a9ada67cce50335
#+snaprep.c16cd20ecb28f90d83b6963a32a6f01f964fe5b99e75d7f3d9f0d2258899c26a
diff --git a/variants/root-x86_64/container-bin-image b/variants/root-x86_64/container-bin-image
@@ -16,7 +16,7 @@ img="$pthbs_destdir/versions/$pthbs_package/container-bin-image"
mkdir -p "$img"
easyseccomp -i default-policy.easyseccomp -o "$img/seccomp-default.bpf"
easyseccomp -i default-policy.easyseccomp -d ALLOW_PTRACE -o "$img/seccomp-ptrace.bpf"
-easyseccomp -i default-policy.easyseccomp -d ALLOW_SECCOMP -d ALLOW_LANDLOCK -o "$img/seccomp-build.bpf"
+easyseccomp -i default-policy.easyseccomp -d ALLOW_PTRACE -d ALLOW_SECCOMP -d ALLOW_LANDLOCK -o "$img/seccomp-build.bpf"
easyseccomp -i default-policy.easyseccomp -d ALLOW_PTRACE -d ALLOW_SETUID_SETGID -o "$img/seccomp-xpra.bpf"
easyseccomp -i default-policy.easyseccomp -d ALLOW_SETUID_SETGID -o "$img/seccomp-setuidgid.bpf"
cd "$img"
diff --git a/variants/root-x86_64/containers b/variants/root-x86_64/containers
@@ -8,7 +8,7 @@
#+alpine-keys.9903799b52320b5d6618a3e3c87cef9da76e3b5291abfe1fd563fddfd04f35ae
#+apk-tools.714e1cb8bc861dec1710a25476f209f7b0602d954f74194d58c16747c5a3ad38
#+xbps.e7b102cdf29fa99c56eeacce8ade331896a379fad11189131b0d1efb4160a454
-#+container-bin-image.963dd9b50b1afce8970fa976ad93ceb4879c665791f3fe16f499d2e351270a6b
+#+container-bin-image.12735d6b897a23a53185b55d7ff7ae3142c371c1fb6a5c3d0e67c27bc66886da
#@git:b2ba08f728a01a5bac734c823016be77035ab687:containers
@@ -66,9 +66,9 @@ for f in '/versions/xbps.e7b102cdf29fa99c56eeacce8ade331896a379fad11189131b0d1ef
ln -sf "$f" "${dest}/deps/keys/void/"
done
-test -d '/versions/container-bin-image.963dd9b50b1afce8970fa976ad93ceb4879c665791f3fe16f499d2e351270a6b/container-bin-image'
-test -f '/versions/container-bin-image.963dd9b50b1afce8970fa976ad93ceb4879c665791f3fe16f499d2e351270a6b/container-bin-image/if'
-ln -sf '/versions/container-bin-image.963dd9b50b1afce8970fa976ad93ceb4879c665791f3fe16f499d2e351270a6b/container-bin-image' "${dest}/deps/"
+test -d '/versions/container-bin-image.12735d6b897a23a53185b55d7ff7ae3142c371c1fb6a5c3d0e67c27bc66886da/container-bin-image'
+test -f '/versions/container-bin-image.12735d6b897a23a53185b55d7ff7ae3142c371c1fb6a5c3d0e67c27bc66886da/container-bin-image/if'
+ln -sf '/versions/container-bin-image.12735d6b897a23a53185b55d7ff7ae3142c371c1fb6a5c3d0e67c27bc66886da/container-bin-image' "${dest}/deps/"
diff --git a/variants/root-x86_64/containers.environment b/variants/root-x86_64/containers.environment
@@ -7,7 +7,7 @@
#+s6-linux-utils.2e5ac9209104c458e8935a4b4e9ce3ed6e9aa3e6c4d85675a1e945d1fe77530f
#+zsh.86584889aa0a3af405974c69ab43869f82e00acdba5340528e5dd20757f7dfc8
#+confz.953faaabf2a7a6ab4aa9b374f83addbcc1ba98bfa195cf8cc9cb2fcb2595ffdb
-#+containers.76db647f29b5b8784c395c58f8f19fa2f52d2d6865d9e9429dac98e97e6e5a19
+#+containers.e523e49b939faba9a6f87694d6888765c3506d2484fde2227349e35bbcf41394
#+xbps.e7b102cdf29fa99c56eeacce8ade331896a379fad11189131b0d1efb4160a454
#+zstd.38b14331a2c89a3fc5d568ddddc14918031315ba2a24b6ffa8bd874c6f54bbc1
#+apk-tools.714e1cb8bc861dec1710a25476f209f7b0602d954f74194d58c16747c5a3ad38
diff --git a/variants/root-x86_64/default.environment b/variants/root-x86_64/default.environment
@@ -21,7 +21,7 @@
#+pthbs-banginstall.0442e58611ea2fc27a0a57a4c1b9b8696d799e9ebb737f3548553a61f845e34b
#+aat.1a24f86810721d21e38b938be940549908121eb386821cded1a27ac973c8d47e
#+confz.953faaabf2a7a6ab4aa9b374f83addbcc1ba98bfa195cf8cc9cb2fcb2595ffdb
-#+containers.76db647f29b5b8784c395c58f8f19fa2f52d2d6865d9e9429dac98e97e6e5a19
+#+containers.e523e49b939faba9a6f87694d6888765c3506d2484fde2227349e35bbcf41394
#+fileset.8d3627d93e7b4c33483589e8602b462d3fcd31d6f38adde5ee53c024197c7286
#+logincaps.507ec1380a0988547542ae0ad146daffd92e08ab8faf964323c28f430edcc406
#+snaprep.756763e7b0d2cc247a6b4a517b1d1eca3cb04cbfbfef374541079c63f0c896c8
@@ -40,8 +40,8 @@
#+mlog.f9e7afa9325b4affd4298e6de0a07d22a074799f0ea7bda1e3fb58a37b98e398
#+findutils.1edbb84f016e9dc61540b8396e85a2163570b9281a408f8787f17e404f685ce0
#+nawk.8521bf13f53618b7897b7f2e070a506a0101c985f6b9bb527d5eb15d8e8d4858
-#+system-config.0b9cc2e38c0a11cc26ee4bf4abfeaf2638b559fb686a7389002a7d39d5cddd39
-#+system-config-rc.b389e464690ec3c651ffb5323a8ca99ab6e9fecbc7a84fa67667fb902b5a771a
+#+system-config.1fa5471f39893f4a507140547034250c5466ef15176eef7bd62a0ec673aea6ff
+#+system-config-rc.088a99068dadef24c7fa452c9e5bff0640fba0c9802f1b33cd60a40b7f6e375e
#+system-config-scripts.c533391a1fcb035cbc2e4bad71f1dc5c40ed8b2c37d0dcd2cc7929c1dea80b5f
-#+system-config-init.acfa0538a879047444da5ef334621e957c0e33f085509df9f6e5d97bb1766665
+#+system-config-init.12fe2d7f13454ee72c9a751b846065d87989a25134d9e51ff3c739b89832e169
#+system-config-zsh.62c3518c0b26bb74a5913e7c6a89e60e0ac9ac138cddde75a74828713d3b7b37
\ No newline at end of file
diff --git a/variants/root-x86_64/system-config b/variants/root-x86_64/system-config
@@ -53,7 +53,7 @@ printf '%s\n' >config/etc/skel/loginexec \
chmod +x config/etc/skel/loginexec
env 'pthbs_path_system-config'="$prefix" \
- 'pthbs_path_containers=/versions/env.3a6944cfd81e69a7d44634a3dbcd2e306b4487e383fb0b62cbc12059715cc4d6' \
+ 'pthbs_path_containers=/versions/env.8ee086610c93dc1136a8333386f1d0185279dec55a500fe57d80eb19e4b58280' \
'pthbs_path_mdevd=/versions/env.d82a4f341af727439aa71592c00c2014d2407e78bc50027e1944f49c8175aeda' \
make -j${JOBS:-1} -l$((1+${JOBS:-1})) all
diff --git a/variants/root-x86_64/system-config-init b/variants/root-x86_64/system-config-init
@@ -7,7 +7,7 @@
#+s6-portable-utils.07e8ff4d2d45a743ec810d3e27268460d201bafbb0a765756da09179758d4b0d
#+s6-linux-init.e17bf07f726729c579bb12c1d25dad4bb263f96509f7ea852bb44d50737d0b4d
#+execline.c677b46c36eac37bee97ce38c09c501d27babea0737cbab9fb21a3ec9b194284
-#+system-config-rc.b389e464690ec3c651ffb5323a8ca99ab6e9fecbc7a84fa67667fb902b5a771a
+#+system-config-rc.088a99068dadef24c7fa452c9e5bff0640fba0c9802f1b33cd60a40b7f6e375e
# - build script start -
@@ -32,7 +32,7 @@ dest=${pthbs_destdir%/}${prefix}
cd '.'
-s6rcdb=/versions/system-config-rc.b389e464690ec3c651ffb5323a8ca99ab6e9fecbc7a84fa67667fb902b5a771a/config/s6-rc-db
+s6rcdb=/versions/system-config-rc.088a99068dadef24c7fa452c9e5bff0640fba0c9802f1b33cd60a40b7f6e375e/config/s6-rc-db
# Generate init (${dest} must not exist but parent dir does)
mkdir -p "$pthbs_destdir//versions"
diff --git a/variants/root-x86_64/system-config-rc b/variants/root-x86_64/system-config-rc
@@ -5,7 +5,7 @@
#+busybox-diffutils.977bc00da27e0150d3b3d395fe42cf24e0364b03390cab81002f27b34158d9fc
#+s6-rc.9416ba0fe405fc2a019beeee1b35a666324184886c12b89deb929c515ca06183
#+fileset.8d3627d93e7b4c33483589e8602b462d3fcd31d6f38adde5ee53c024197c7286
-#+system-config.0b9cc2e38c0a11cc26ee4bf4abfeaf2638b559fb686a7389002a7d39d5cddd39
+#+system-config.1fa5471f39893f4a507140547034250c5466ef15176eef7bd62a0ec673aea6ff
# - build script start -
@@ -15,7 +15,7 @@ dest=${pthbs_destdir%/}${prefix}
cd '.'
-src=/versions/system-config.0b9cc2e38c0a11cc26ee4bf4abfeaf2638b559fb686a7389002a7d39d5cddd39/config/s6-rc-source
+src=/versions/system-config.1fa5471f39893f4a507140547034250c5466ef15176eef7bd62a0ec673aea6ff/config/s6-rc-source
s6-rc-compile ./s6-rc-db "$src"
mkdir -p "$dest/config"
mv -v s6-rc-db "$dest/config/"
diff --git a/variants/root-x86_64/userspace.environment b/variants/root-x86_64/userspace.environment
@@ -21,7 +21,7 @@
#+pthbs-banginstall.0442e58611ea2fc27a0a57a4c1b9b8696d799e9ebb737f3548553a61f845e34b
#+aat.1a24f86810721d21e38b938be940549908121eb386821cded1a27ac973c8d47e
#+confz.953faaabf2a7a6ab4aa9b374f83addbcc1ba98bfa195cf8cc9cb2fcb2595ffdb
-#+containers.76db647f29b5b8784c395c58f8f19fa2f52d2d6865d9e9429dac98e97e6e5a19
+#+containers.e523e49b939faba9a6f87694d6888765c3506d2484fde2227349e35bbcf41394
#+fileset.8d3627d93e7b4c33483589e8602b462d3fcd31d6f38adde5ee53c024197c7286
#+logincaps.507ec1380a0988547542ae0ad146daffd92e08ab8faf964323c28f430edcc406
#+snaprep.756763e7b0d2cc247a6b4a517b1d1eca3cb04cbfbfef374541079c63f0c896c8
