From a0e134a05342507bd9ac47da03abca4c9c113a64 Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Fri, 30 Dec 2022 18:53:50 +0100 Subject: [PATCH] package/crun: needs fexecve crun unconditionally uses fexecve since its addition in commit 530d6f661e506a4774b7236cb93d65f669adbc92 and https://github.com/containers/crun/commit/ce4dfbb97a8a05bef125030eaa6c46c07a5f9344: resulting in the following uclibc build failure: /tmp/instance-11/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arceb-snps-linux-uclibc/9.2.1/../../../../arceb-snps-linux-uclibc/bin/ld: src/libcrun/crun-cloned_binary.o: in function `ensure_cloned_binary': cloned_binary.c:(.text+0x1006): undefined reference to `fexecve' In 6e3f7fbc072c (package/runc: add upstream security fix for CVE-2019-5736), we made runc unavailable for uclibc toolchains, and crun uses fexecve for that same reason, to fix CVE-2019-5736. So, also make crun unavailable for uclibc toolchains. Fixes: - http://autobuild.buildroot.org/results/e1f4ef2b392c0e7161390ba0f97d6eef3bd12e9c Signed-off-by: Fabrice Fontaine Signed-off-by: Yann E. MORIN --- package/crun/Config.in | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/package/crun/Config.in b/package/crun/Config.in index 5def7001c1..fa0894e126 100644 --- a/package/crun/Config.in +++ b/package/crun/Config.in @@ -1,8 +1,12 @@ config BR2_PACKAGE_CRUN bool "crun" - select BR2_PACKAGE_ARGP_STANDALONE if BR2_TOOLCHAIN_USES_UCLIBC || BR2_TOOLCHAIN_USES_MUSL + depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve + select BR2_PACKAGE_ARGP_STANDALONE if BR2_TOOLCHAIN_USES_MUSL select BR2_PACKAGE_YAJL # libocispec help crun is a fast and low-memory OCI Container Runtime in C. https://github.com/containers/crun + +comment "crun needs a glibc or musl toolchain" + depends on BR2_TOOLCHAIN_USES_UCLIBC