lovesegfault · April 29, 2020 20:44
diff --git a/nix-no-seccomp.patch b/nix-no-seccomp.patch
 diff --git a/src/libstore/build.cc b/src/libstore/build.cc
 index 147093fa..a6c25231 100644
 --- a/src/libstore/build.cc
 +++ b/src/libstore/build.cc
 @@ -59,7 +59,7 @@
 #include <sys/param.h>
 #include <sys/mount.h>
 #include <sys/syscall.h>
 -#if HAVE_SECCOMP
 +#if 0
 #include <seccomp.h>
 #endif
 #define pivot_root(new_root, put_old) (syscall(SYS_pivot_root, new_root, put_old))
 @@ -2979,7 +2979,7 @@ void setupSeccomp()
 {
 #if __linux__
     if (!settings.filterSyscalls) return;
 -#if HAVE_SECCOMP
 +#if 0
     scmp_filter_ctx ctx;
 
     if (!(ctx = seccomp_init(SCMP_ACT_ALLOW)))
 @@ -3029,7 +3029,7 @@ void setupSeccomp()
 
     if (seccomp_load(ctx) != 0)
         throw SysError("unable to load seccomp BPF program");
 -#else
 +#elseif 0
     throw Error(
         "seccomp is not supported on this platform; "
         "you can bypass this error by setting the option 'filter-syscalls' to false, but note that untrusted builds can then create setuid binaries!");
	diff --git a/src/libstore/build.cc b/src/libstore/build.cc
	index 147093fa..a6c25231 100644
	--- a/src/libstore/build.cc
	+++ b/src/libstore/build.cc
	@@ -59,7 +59,7 @@
	#include <sys/param.h>
	#include <sys/mount.h>
	#include <sys/syscall.h>
	-#if HAVE_SECCOMP
	+#if 0
	#include <seccomp.h>
	#endif
	#define pivot_root(new_root, put_old) (syscall(SYS_pivot_root, new_root, put_old))
	@@ -2979,7 +2979,7 @@ void setupSeccomp()
	{
	#if __linux__
	if (!settings.filterSyscalls) return;
	-#if HAVE_SECCOMP
	+#if 0
	scmp_filter_ctx ctx;

	if (!(ctx = seccomp_init(SCMP_ACT_ALLOW)))
	@@ -3029,7 +3029,7 @@ void setupSeccomp()

	if (seccomp_load(ctx) != 0)
	throw SysError("unable to load seccomp BPF program");
	-#else
	+#elseif 0
	throw Error(
	"seccomp is not supported on this platform; "
	"you can bypass this error by setting the option 'filter-syscalls' to false, but note that untrusted builds can then create setuid binaries!");