The CLONE_* symbols in security.c were introduced starting in kernel 2.6.19. If you unfortunately happen to be on some old (chroot) environment like RH5, these symbols are missing. Please consider the following patch to simply treat those platforms as non-linux to avoid using the symbols, but still produce a usable tool. If ok with you, I can also (try to) push this myself to the repo. Thanks. diff --git a/security.c b/security.c index 8019860..258d8f6 100644 --- a/security.c +++ b/security.c @@ -7,7 +7,7 @@ #include "paxinc.h" -#ifdef __linux__ +#if defined(__linux__) && defined(CLONE_NEWIPC) #ifdef __SANITIZE_ADDRESS__ /* ASAN does some weird stuff. */ diff --git a/security.h b/security.h index c93ec3e..85673ff 100644 --- a/security.h +++ b/security.h @@ -16,7 +16,7 @@ # define USE_SLOW_SECURITY 0 #endif -#ifdef __linux__ +#if defined(__linux__) && defined(CLONE_NEWIPC) /* Lock down the runtime; allow_forking controls whether to use a pidns. */ void security_init(bool allow_forking); /* Disable forking; usable only when allow_forking above was true. */
there's a bit more to it, but i've fixed it locally now, so it'll be in the next release
should be fixed with the 1.2 release
