syd 3.0.13

seccomp and landlock based application sandbox with support for namespaces
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

# syd's Makefile
# Copyright (c) 2023 Ali Polatel <alip@chesswob.org>
# SPDX-License-Identifier: GPL-3.0-or-later

# User variables
# Target, e.g: --target=aarch64-unknown-linux-musl
TARGET=

# Common tools
RM= rm
INSTALL= install
PREFIX= /usr/local
BINDIR= bin
CARGO= env RUST_BACKTRACE=1 cargo
PKG_CONFIG= pkg-config

# Environment variables necessary to link libseccomp statically.
export LIBSECCOMP_LINK_TYPE= static
export LIBSECCOMP_LIB_PATH= $(shell $(PKG_CONFIG) --variable=libdir libseccomp || echo /usr/lib)

# Rust flags
RUSTFLAGS_STATIC= -Clink-arg=-static -Ctarget-feature=+crt-static
RUSTFLAGS_NATIVE= $(RUSTFLAGS_STATIC) -Ctarget-cpu=native
RUSTFLAGS_RELEASE= $(RUSTFLAGS_STATIC)

# Cargo flags
CARGOFLAGS= -j$(shell nproc) -v

all: build

build:
	$(CARGO) +nightly fmt
	$(CARGO) build $(CARGOFLAGS)
	$(CARGO) test
	$(CARGO) +nightly clippy $(CARGOFLAGS)
	$(CARGO) deny check
clean:
	$(CARGO) clean
install: native
	$(INSTALL) -d $(DESTDIR)$(PREFIX)/$(BINDIR)/
	$(INSTALL) -pm 0755 target/release/syd $(DESTDIR)$(PREFIX)/$(BINDIR)/
	$(INSTALL) -pm 0755 target/release/syd-test $(DESTDIR)$(PREFIX)/$(BINDIR)/
	$(INSTALL) -pm 0755 target/release/syd-test-do $(DESTDIR)$(PREFIX)/$(BINDIR)/
debug:
	$(CARGO) +nightly fmt
	$(CARGO) build $(CARGOFLAGS)
	$(INSTALL) -d $(DESTDIR)$(PREFIX)/$(BINDIR)/
	$(INSTALL) -pm 0755 target/debug/syd $(DESTDIR)$(PREFIX)/$(BINDIR)/
	$(INSTALL) -pm 0755 target/debug/syd-test $(DESTDIR)$(PREFIX)/$(BINDIR)/
	$(INSTALL) -pm 0755 target/debug/syd-test-do $(DESTDIR)$(PREFIX)/$(BINDIR)/
uninstall:
	$(RM) -f \
		$(DESTDIR)$(PREFIX)/$(BINDIR)/syd \
		$(DESTDIR)$(PREFIX)/$(BINDIR)/syd-test \
		$(DESTDIR)$(PREFIX)/$(BINDIR)/syd-test-do
native:
	export RUSTFLAGS="$(RUSTFLAGS_NATIVE)"
	$(CARGO) build --release $(CARGOFLAGS)
release:
	export RUSTFLAGS="$(RUSTFLAGS_RELEASE)"
	@echo Using libseccomp library from $(LIBSECCOMP_LIB_PATH)
	$(CARGO) build --release $(CARGOFLAGS) $(TARGET)
check:
	$(CARGO) test $(CARGOFLAGS)
distcheck:
	$(CARGO) test --release $(CARGOFLAGS)
doc:
	$(CARGO) doc --open

# Use LLVM sanitizers
sanitize_address:
	env RUSTFLAGS="-Zsanitizer=address" $(CARGO) +nightly build $(CARGOFLAGS)
sanitize_leak:
	env RUSTFLAGS="-Zsanitizer=leak" $(CARGO) +nightly build $(CARGOFLAGS)
sanitize_memory:
	env RUSTFLAGS="-Zsanitizer=memory" $(CARGO) +nightly build $(CARGOFLAGS)
sanitize_thread:
	env RUSTFLAGS="-Zsanitizer=thread" $(CARGO) +nightly build $(CARGOFLAGS)

bloat:
	$(CARGO) bloat --crates -n 100 --bin syd --profile release
cov:
	$(CARGO) llvm-cov --open
deny:
	$(CARGO) deny check
msrv:
	$(CARGO) msrv --bisect
watch:
	$(CARGO) watch
who:
	@git log --all --format='%cN <%cE>' | sort -u

.PHONY: check distcheck clean debug doc
.PHONY: all bloat build cov deny msrv native release install uninstall watch who
.PHONY: sanitize_address sanitize_leak sanitize_memory sanitize_thread