forked from google/nsjail
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathMakefile
More file actions
148 lines (118 loc) · 4.79 KB
/
Makefile
File metadata and controls
148 lines (118 loc) · 4.79 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
# nsjail - Makefile
# -----------------------------------------
PKG_CONFIG := $(shell command -v pkg-config 2> /dev/null)
ifeq ($(PKG_CONFIG),)
$(error "Install pkg-config to make it work")
endif
CC ?= gcc
CXX ?= g++
# pkg-config for protobuf can be expensive/slow
# Skip pkg-config for: clean, indent, kafel_init, and kafel-only builds
ifneq ($(filter-out clean indent kafel_init kafel/libkafel.a,$(MAKECMDGOALS)),)
PROTOBUF_CFLAGS := $(shell pkg-config --cflags protobuf)
PROTOBUF_LIBS := $(shell pkg-config --libs protobuf)
else ifeq ($(MAKECMDGOALS),)
# Default target (all) requires protobuf
PROTOBUF_CFLAGS := $(shell pkg-config --cflags protobuf)
PROTOBUF_LIBS := $(shell pkg-config --libs protobuf)
endif
NL3_EXISTS := $(shell pkg-config --exists libnl-route-3.0 && echo yes)
COMMON_FLAGS += -O2 -c \
-D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 \
-fPIE \
-Wformat -Wformat-security -Wno-format-nonliteral \
-Wall -Wextra -Werror \
-Ikafel/include
CXXFLAGS += $(USER_DEFINES) $(COMMON_FLAGS) $(PROTOBUF_CFLAGS) \
-std=c++20 -fno-exceptions -Wno-unused -Wno-unused-parameter
LDFLAGS += -pie -Wl,-z,noexecstack -lpthread $(PROTOBUF_LIBS)
ifeq ($(NL3_EXISTS), yes)
CXXFLAGS += $(shell pkg-config --cflags libnl-route-3.0)
LDFLAGS += $(shell pkg-config --libs libnl-route-3.0)
endif
ifdef DEBUG
CXXFLAGS += -g -ggdb -gdwarf-4
endif
BIN = nsjail
LIBS = kafel/libkafel.a
SRCS_CXX = caps.cc cgroup.cc cgroup2.cc cmdline.cc config.cc contain.cc cpu.cc logs.cc mnt.cc mnt_legacy.cc mnt_newapi.cc net.cc nsjail.cc pid.cc sandbox.cc subproc.cc uts.cc user.cc util.cc
SRCS_PROTO = config.proto
SRCS_PB_CXX = $(SRCS_PROTO:.proto=.pb.cc)
SRCS_PB_H = $(SRCS_PROTO:.proto=.pb.h)
SRCS_PB_O = $(SRCS_PROTO:.proto=.pb.o)
OBJS = $(SRCS_CXX:.cc=.o) $(SRCS_PB_CXX:.cc=.o)
# 4. TARGETS
.PHONY: all clean depend indent kafel_init
all: $(BIN)
# Main Binary Linkage
$(BIN): $(LIBS) $(OBJS)
ifneq ($(NL3_EXISTS), yes)
$(warning "You probably miss libnl3(-dev)/libnl-route-3(-dev) libraries")
endif
$(CXX) -o $(BIN) $(OBJS) $(LIBS) $(LDFLAGS)
# Standard Object Compilation
# The | $(SRCS_PB_H) ensures headers exist before we try to compile .cc files
%.o: %.cc | $(SRCS_PB_H)
$(CXX) $(CXXFLAGS) $< -o $@
# Protobuf Generation
# We only define the recipe for the .cc file to prevent race conditions.
$(SRCS_PB_CXX): $(SRCS_PROTO)
protoc --cpp_out=. $(SRCS_PROTO)
# The .h file is a side-effect of the .cc rule
$(SRCS_PB_H): $(SRCS_PB_CXX)
# Kafel Submodule Handling
kafel_init:
ifeq ("$(wildcard kafel/Makefile)","")
git submodule update --init
endif
kafel/include/kafel.h: kafel_init
kafel/libkafel.a: kafel_init
+LDFLAGS="" CFLAGS=-fPIE $(MAKE) -C kafel
# Utilities
clean:
$(RM) core Makefile.bak $(OBJS) $(SRCS_PB_CXX) $(SRCS_PB_H) $(SRCS_PB_O) $(BIN)
ifneq ("$(wildcard kafel/Makefile)","")
+$(MAKE) -C kafel clean
endif
depend: all
makedepend -Y -Ykafel/include -- -- $(SRCS_CXX) $(SRCS_PB_CXX)
indent:
clang-format -i -sort-includes $(SRCS_CXX:.cc=.h) macros.h $(SRCS_CXX) $(SRCS_PROTO) configs/*.json
# Install
PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man/man1
.PHONY: install
install: $(BIN)
install -m 755 -d $(DESTDIR)$(BINDIR)
install -m 755 $(BIN) $(DESTDIR)$(BINDIR)
install -m 755 -d $(DESTDIR)$(MANDIR)
install -m 644 nsjail.1 $(DESTDIR)$(MANDIR)
# Dependencies (Generated by makedepend)
# DO NOT DELETE THIS LINE -- make depend depends on it.
caps.o: caps.h nsjail.h config.pb.h logs.h macros.h util.h
cgroup.o: cgroup.h nsjail.h config.pb.h logs.h util.h
cgroup2.o: cgroup2.h nsjail.h config.pb.h logs.h util.h
cmdline.o: cmdline.h nsjail.h config.pb.h caps.h config.h logs.h macros.h
cmdline.o: mnt.h mnt_newapi.h user.h util.h
config.o: config.h nsjail.h config.pb.h caps.h cmdline.h logs.h macros.h
config.o: mnt.h user.h util.h
contain.o: contain.h nsjail.h config.pb.h caps.h cgroup.h cgroup2.h config.h
contain.o: cpu.h logs.h macros.h mnt.h net.h pid.h user.h util.h uts.h
cpu.o: cpu.h nsjail.h config.pb.h logs.h util.h
logs.o: logs.h macros.h util.h nsjail.h config.pb.h
mnt.o: mnt.h nsjail.h config.pb.h logs.h macros.h mnt_legacy.h mnt_newapi.h
mnt.o: subproc.h util.h
mnt_legacy.o: mnt_legacy.h mnt.h nsjail.h config.pb.h logs.h macros.h util.h
mnt_newapi.o: mnt_newapi.h mnt.h nsjail.h config.pb.h logs.h util.h
net.o: net.h nsjail.h config.pb.h logs.h util.h
nsjail.o: nsjail.h config.pb.h cgroup2.h cmdline.h logs.h macros.h net.h
nsjail.o: sandbox.h subproc.h util.h
pid.o: pid.h nsjail.h config.pb.h logs.h subproc.h
sandbox.o: sandbox.h nsjail.h config.pb.h kafel/include/kafel.h logs.h util.h
subproc.o: subproc.h nsjail.h config.pb.h cgroup.h cgroup2.h contain.h logs.h
subproc.o: macros.h net.h sandbox.h user.h util.h
uts.o: uts.h nsjail.h config.pb.h logs.h
user.o: user.h nsjail.h config.pb.h logs.h macros.h subproc.h util.h
util.o: util.h nsjail.h config.pb.h logs.h macros.h
config.pb.o: config.pb.h