diff --git a/CMakeLists.txt b/CMakeLists.txt
index 893dea2f..7f05666c 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -109,7 +109,7 @@ endif()
 # explicitly set hardening flags
 set(CMAKE_POSITION_INDEPENDENT_CODE ON)
 set(FALCO_SECURITY_FLAGS "")
-if(NOT EMSCRIPTEN)
+if(NOT EMSCRIPTEN AND NOT APPLE)
 set(FALCO_SECURITY_FLAGS "${FALCO_SECURITY_FLAGS} -Wl,-z,relro,-z,now -fstack-protector-strong")
 endif()
 if(CMAKE_BUILD_TYPE STREQUAL "release")
diff --git a/cmake/modules/falcosecurity-libs.cmake b/cmake/modules/falcosecurity-libs.cmake
index a9b98bc2..b81ef993 100644
--- a/cmake/modules/falcosecurity-libs.cmake
+++ b/cmake/modules/falcosecurity-libs.cmake
@@ -95,10 +95,11 @@ include(CheckSymbolExists)
 check_symbol_exists(strlcpy "string.h" HAVE_STRLCPY)
 if(HAVE_STRLCPY)
- message(STATUS "Existing strlcpy found, will *not* use local definition by setting -DHAVE_STRLCPY.")
+ message(STATUS "Existing strlcpy and strlcat found, will *not* use local definition by setting -DHAVE_STRLCPY and -DHAVE_STRLCAT.")
 add_definitions(-DHAVE_STRLCPY)
+ add_definitions(-DHAVE_STRLCAT)
 else()
- message(STATUS "No strlcpy found, will use local definition")
+ message(STATUS "No strlcpy and strlcat found, will use local definition")
 endif()
 include(driver)
diff --git a/userspace/falco/app/restart_handler.cpp b/userspace/falco/app/restart_handler.cpp
index fcd92de6..615aa08a 100644
--- a/userspace/falco/app/restart_handler.cpp
+++ b/userspace/falco/app/restart_handler.cpp
@@ -22,7 +22,9 @@ limitations under the License.
 #include
 #include
 #include
+#if !defined(__APPLE__)
 #include
+#endif
 #include
 #if __GLIBC__ == 2 && __GLIBC_MINOR__ < 30
@@ -93,6 +95,7 @@ void falco::app::restart_handler::stop()
 void falco::app::restart_handler::watcher_loop() noexcept
 {
+#ifdef __linux__
 if (fcntl(m_inotify_fd, F_SETOWN, gettid()) < 0)
 {
 // an error occurred, we can't recover
@@ -207,4 +210,5 @@ void falco::app::restart_handler::watcher_loop() noexcept
 // next timeout.
 should_check = true;
 }
+#endif
 }
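Review bot: In the CMakeLists.txt hunk, the new `if(NOT EMSCRIPTEN AND NOT APPLE)` condition drops `-fstack-protector-strong` on macOS together with the linker options, although only `-Wl,-z,relro,-z,now` is specific to ELF linkers. Apple clang accepts `-fstack-protector-strong`, so macOS builds give up a compile-time hardening flag they could keep. I would leave `set(FALCO_SECURITY_FLAGS "${FALCO_SECURITY_FLAGS} -fstack-protector-strong")` under the original `if(NOT EMSCRIPTEN)` and move only `-Wl,-z,relro,-z,now` under `if(NOT EMSCRIPTEN AND NOT APPLE)`, with a comment saying why the linker flags are skipped on Apple.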
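Review bot: In cmake/modules/falcosecurity-libs.cmake, `-DHAVE_STRLCAT` is now defined from the result of the `strlcpy` probe alone; `strlcat` itself is never checked. If a libc provides one function without the other, the build either suppresses a local fallback it still needs or compiles a duplicate definition, and the status message reports a check that did not happen. A separate `check_symbol_exists(strlcat "string.h" HAVE_STRLCAT)` followed by its own `if(HAVE_STRLCAT)` and `add_definitions(-DHAVE_STRLCAT)` keeps each define tied to its own probe.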
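Review bot: In userspace/falco/app/restart_handler.cpp, `watcher_loop()` now compiles to an empty body on every non-Linux target (the `#ifdef __linux__` hunk at -93 and its `#endif` at -207), so the watcher thread returns at once and nothing records that file-change restarts are inactive. That should be visible to an operator: add an `#else` branch that logs once through whatever logger the file already uses, or at least a comment such as `// non-Linux: no inotify, watched-file changes do not trigger a restart`. The include at -22 is guarded with `#if !defined(__APPLE__)` while the body uses `#ifdef __linux__`; using one condition in both places avoids a target that gets the header but not the code. Most of the function body lies outside these hunks.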
diff --git a/userspace/falco/stats_writer.cpp b/userspace/falco/stats_writer.cpp
index aa731794..d19afe4a 100644
--- a/userspace/falco/stats_writer.cpp
+++ b/userspace/falco/stats_writer.cpp
@@ -33,7 +33,11 @@ limitations under the License.
 // overflows here. Threads calling stats_writer::handle() will just
 // check that this value changed since their last observation.
 static std::atomic s_timer((stats_writer::ticker_t) 0);
+#if !defined(__APPLE__)
 static timer_t s_timerid;
+#else
+static uint16_t s_timerid;
+#endif
 // note: Workaround for older GLIBC versions (< 2.35), where calling timer_delete()
 // with an invalid timer ID not returned by timer_create() causes a segfault because of
 // a bug in GLIBC (https://sourceware.org/bugzilla/show_bug.cgi?id=28257).
@@ -48,7 +52,9 @@ static void timer_handler(int signum)
 bool stats_writer::init_ticker(uint32_t interval_msec, std::string &err)
 {
+#if !defined(__APPLE__)
 struct itimerspec timer = {};
+#endif
 struct sigaction handler = {};
 memset (&handler, 0, sizeof(handler));
@@ -64,7 +70,7 @@ bool stats_writer::init_ticker(uint32_t interval_msec, std::string &err)
 sev.sigev_notify = SIGEV_SIGNAL;
 sev.sigev_signo = SIGALRM;
 sev.sigev_value.sival_ptr = &s_timerid;
-#ifndef __EMSCRIPTEN__
+#if !defined(__EMSCRIPTEN__) && !defined(__APPLE__)
 // delete any previously set timer
 if (s_timerid_exists)
 {
@@ -84,11 +90,14 @@ bool stats_writer::init_ticker(uint32_t interval_msec, std::string &err)
 s_timerid_exists = true;
 #endif
+
+#if !defined(__APPLE__)
 timer.it_value.tv_sec = interval_msec / 1000;
 timer.it_value.tv_nsec = (interval_msec % 1000) * 1000 * 1000;
 timer.it_interval = timer.it_value;
+#endif
-#ifndef __EMSCRIPTEN__
+#if !defined(__EMSCRIPTEN__) && !defined(__APPLE__)
 if (timer_settime(s_timerid, 0, &timer, NULL) == -1)
 {
 err = std::string("Could not set up periodic timer: ") + strerror(errno);
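Review bot: On Apple targets `init_ticker()` now skips the timer setup, including `timer_settime` (hunks at -64 and -84), yet as far as these hunks show it still prepares the SIGALRM handler and presumably falls through to its normal return, so the ticker never advances and periodic stats output stops without any error. Either set `err` and fail on that platform, or drive SIGALRM with `setitimer(ITIMER_REAL, ...)`, which macOS provides. The `static uint16_t s_timerid;` placeholder in the -33 hunk appears to exist only so that `sev.sigev_value.sival_ptr = &s_timerid;` still compiles; it deserves a comment such as `// placeholder: no POSIX timers on macOS, never passed to timer_*`. The destructor hunk at -151 applies the same guard, and the bodies of both functions continue outside the hunks.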
@@ -151,7 +160,7 @@ stats_writer::~stats_writer()
 m_file_output.close();
 }
 // delete timerID and reset timer
-#ifndef __EMSCRIPTEN__
+#if !defined(__EMSCRIPTEN__) && !defined(__APPLE__)
 if (s_timerid_exists)
 {
 timer_delete(s_timerid);