From c8d542fd593f06b85d4b7b712378a4f84ec4d2b3 Mon Sep 17 00:00:00 2001
From: Philipp Stephani <phst@google.com>
Date: Sun, 11 Apr 2021 19:47:36 +0200
Subject: Add a variant of the Seccomp filter file that allows 'execve'.

This is useful when starting Emacs with a Seccomp filter enabled,
e.g. using 'bwrap'.

* lib-src/seccomp-filter.c (main): Generate new Seccomp files.

* lib-src/Makefile.in (all)
(seccomp-filter.bpf seccomp-filter.pfc seccomp-filter-exec.bpf
seccomp-filter-exec.pfc): Generate new Seccomp files.

* .gitignore: Ignore new Seccomp files.

* test/src/emacs-tests.el (emacs-tests/bwrap/allows-stdout): New unit
test.
---
 .gitignore | 2 ++
 1 file changed, 2 insertions(+)

(limited to '.gitignore')

diff --git a/.gitignore b/.gitignore
index ecf768dc4d6..a1e3cb92f87 100644
--- a/.gitignore
+++ b/.gitignore
@@ -306,3 +306,5 @@ src/gdb.ini
 # Seccomp filter files.
 lib-src/seccomp-filter.bpf
 lib-src/seccomp-filter.pfc
+lib-src/seccomp-filter-exec.bpf
+lib-src/seccomp-filter-exec.pfc
-- 
cgit v1.2.3