Cargo.lock

@@ -495,6 +495,7 @@ name = "letmein-seccomp"
 version = "2.0.0"
 dependencies = [
  "anyhow",
+ "autocfg",
  "libc",
  "seccompiler",
 ]

Cargo.toml

@@ -27,6 +27,7 @@ keywords = [ "port-knocking", "port", "knock", "firewall", "nftables" ]
 
 [workspace.dependencies]
 anyhow = "1"
+autocfg = "1"
 clap = "4"
 getrandom = "0.2"
 hickory-proto = "0.24"

letmein-seccomp/Cargo.toml

@@ -13,10 +13,14 @@ repository = { workspace = true }
 readme = { workspace = true }
 categories = { workspace = true }
 keywords = { workspace = true }
+build = "build.rs"
 
 [dependencies]
 anyhow = { workspace = true }
 libc = { workspace = true }
 seccompiler = { workspace = true }
 
+[build-dependencies]
+autocfg = { workspace = true }
+
 # vim: ts=4 sw=4 expandtab

letmein-seccomp/build.rs

@@ -0,0 +1,16 @@
+// -*- coding: utf-8 -*-
+//
+// Copyright (C) 2024 Michael Büsch <m@bues.ch>
+//
+// Licensed under the Apache License version 2.0
+// or the MIT license, at your option.
+// SPDX-License-Identifier: Apache-2.0 OR MIT
+
+fn main() {
+    let ac = autocfg::new();
+    ac.emit_path_cfg("libc::SYS_mmap", "has_SYS_mmap");
+    ac.emit_path_cfg("libc::SYS_mmap2", "has_SYS_mmap2");
+    autocfg::rerun_path("build.rs");
+}
+
+// vim: ts=4 sw=4 expandtab

letmein-seccomp/src/lib.rs

@@ -76,7 +76,10 @@ pub fn seccomp_compile_for_arch(
     for allow in allow {
         match *allow {
             Allow::Mmap => {
+                #[cfg(has_SYS_mmap)]
                 rules.insert(libc::SYS_mmap, vec![]);
+                #[cfg(has_SYS_mmap2)]
+                rules.insert(libc::SYS_mmap2, vec![]);
                 rules.insert(libc::SYS_mremap, vec![]);
                 rules.insert(libc::SYS_munmap, vec![]);
             }