seccomp: Make the compiler fail on error

Currently, build.rs doesn't handle errors from the seccomp compiler correctly, and build.rs doesn't fail. Due to that, when you have a bug in seccomp policy files, `cargo build` fails in later stages with misleading error messages complaining about missing file. With this change, build.rs fails when the seccomp compiler fails. Since the build phase fails correctly, cargo shows the stderr from the seccomp compiler correctly. BUG=None TEST=build succeeds Change-Id: I5645ffabd5ece8888053ac62014bb8ca22d3b9bb Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4054809 Commit-Queue: Takaya Saeki <takayas@chromium.org> Reviewed-by: Zihan Chen <zihanchen@google.com> Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org> Reviewed-by: Alexandre Courbot <acourbot@chromium.org>
2025-02-09 03:57:24 +00:00 · 2022-11-24 08:32:48 +00:00 · 2022-11-24 08:32:48 +00:00 · c2e4e70b4f
commit c2e4e70b4f
parent a540b26e1b
1 changed files with 5 additions and 2 deletions
--- a/build.rs
+++ b/build.rs
@ -36,7 +36,7 @@ fn compile_policies(out_dir: &Path, rewrote_policy_folder: &Path, compile_seccom
                    .file_name()
                    .unwrap(),
            );
-            Command::new(compile_seccomp_policy)
+            let status = Command::new(compile_seccomp_policy)
                .arg("--arch-json")
                .arg(rewrote_policy_folder.join("constants.json"))
                .arg("--default-action")
@ -46,7 +46,10 @@ fn compile_policies(out_dir: &Path, rewrote_policy_folder: &Path, compile_seccom
                .spawn()
                .unwrap()
                .wait()
-                .expect("Compile bpf failed");
+                .expect("Spawning the bpf compiler failed");
+            if !status.success() {
+                panic!("Compile bpf failed");
+            }
            let s = format!(
                r#"("{}", include_bytes!("{}").to_vec()),"#,
                policy_file.path().file_stem().unwrap().to_str().unwrap(),