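# Nix derivation for syscall_limiter: compiles `limit_syscalls` against
# libseccomp and installs it together with the upstream monitor.sh helper
# (installed as limit_syscalls_monitor.sh).
{ stdenv
, fetchFromGitHub
, libseccomp
, perl
, which
}:

stdenv.mkDerivation rec {
  name = "syscall_limiter-${version}";
  # Date-style version; presumably the date of the pinned snapshot (confirm against upstream).
  version = "20170123";

  # The source is pinned to a full 40-character commit hash rather than a branch
  # or tag, and the fetched tree is checked against the fixed sha256 below, so a
  # change to the upstream content makes the fetch fail instead of silently
  # building different code.
  src = fetchFromGitHub {
    owner = "vi";
    repo = "syscall_limiter";
    rev = "481c8c883f2e1260ebc83b352b63bf61a930a341";
    sha256 = "0z5arj1kq1xczgrbw1b8m9kicbv3vs9bd32wvgfr4r6ndingsp5m";
  };

  # NOTE(review): the intent appears to be "no configure step". An empty string
  # may fall through to stdenv's default configure phase rather than skip it;
  # `dontConfigure = true;` would state the intent explicitly. Confirm against
  # the nixpkgs revision in use before changing.
  configurePhase = "";

  # libseccomp's header and library directories are passed on the compiler
  # command line instead of through buildInputs, and the compiler is fixed to
  # `gcc` rather than taken from the build environment.
  # NOTE(review): listing libseccomp in buildInputs would make the dependency
  # visible to tooling that inspects build inputs; verify the Makefile still
  # links correctly before switching.
  buildPhase = ''
    make CC="gcc -I${libseccomp}/include -L${libseccomp}/lib"
  '';

  # Installs the binary and the monitor script, then rewrites the script so that
  # `perl` and `which` are referenced by absolute store path instead of being
  # resolved through PATH when the script runs.
  # NOTE(review): `--replace perl` and `--replace which` substitute every
  # occurrence of those strings in the file, including inside longer words,
  # comments or messages. Check the patched script against upstream monitor.sh
  # to confirm only the intended command invocations were rewritten.
  installPhase = ''
    mkdir -p $out/bin
    cp -v limit_syscalls $out/bin
    cp -v monitor.sh $out/bin/limit_syscalls_monitor.sh
    substituteInPlace $out/bin/limit_syscalls_monitor.sh \
      --replace perl ${perl}/bin/perl \
      --replace which ${which}/bin/which
  '';

  meta = with stdenv.lib; {
    description = "Start Linux programs with only selected syscalls enabled";
    # Quoted: bare URL literals are deprecated Nix syntax; the value is the same string.
    homepage = "https://github.com/vi/syscall_limiter";
    license = licenses.mit;
    maintainers = with maintainers; [ obadz ];
    # Restricted to Linux, matching the libseccomp dependency and the description above.
    platforms = platforms.linux;
  };
}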