build: restore seccomp filter targets

This partially reverts commit 2b34747db ("generate seccomp filters at
install time", 2023-07-07).  See also commit 6fa19aab9 ("feature: use
seccomp filters build at install time for --restrict-namespaces",
2023-07-12).

The seccomp filters were always being built because
src/fseccomp/fseccomp (and other programs) are in `$(ALL_ITEMS)`, which
is incorrectly marked as phony.  This commit fixes that and restores the
previous target logic, for consistency with the other targets and so
that the seccomp filters are made at build time rather than at install
time.

1 files changed, 19 insertions, 7 deletions

diff --git a/Makefile b/Makefile
index 1343cb87d..81e363990 100644
--- a/Makefile
+++ b/Makefile
@@ -37,13 +37,13 @@ SYNTAX_FILES := $(SYNTAX_FILES_IN:.in=)
 ALL_ITEMS = $(APPS) $(SBOX_APPS) $(SBOX_APPS_NON_DUMPABLE) $(MYLIBS)
 
 .PHONY: all
-all: all_items mydirs $(CONTRIB_TARGET)
+all: all_items mydirs filters $(CONTRIB_TARGET)
 
 config.mk config.sh:
         @printf 'error: run ./configure to generate %s\n' "$@" >&2
         @false
 
-.PHONY: all_items $(ALL_ITEMS)
+.PHONY: all_items
 all_items: $(ALL_ITEMS)
 $(ALL_ITEMS): $(MYDIRS)
         $(MAKE) -C $(dir $@)
@@ -53,21 +53,34 @@ mydirs: $(MYDIRS)
 $(MYDIRS):
         $(MAKE) -C $@
 
-define build_filters
+.PHONY: filters
+filters: $(SECCOMP_FILTERS)
+seccomp: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize
         src/fseccomp/fseccomp default seccomp
         src/fsec-optimize/fsec-optimize seccomp
+
+seccomp.debug: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize
         src/fseccomp/fseccomp default seccomp.debug allow-debuggers
         src/fsec-optimize/fsec-optimize seccomp.debug
+
+seccomp.32: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize
         src/fseccomp/fseccomp secondary 32 seccomp.32
         src/fsec-optimize/fsec-optimize seccomp.32
+
+seccomp.block_secondary: src/fseccomp/fseccomp
         src/fseccomp/fseccomp secondary block seccomp.block_secondary
+
+seccomp.mdwx: src/fseccomp/fseccomp
         src/fseccomp/fseccomp memory-deny-write-execute seccomp.mdwx
+
+seccomp.mdwx.32: src/fseccomp/fseccomp
         src/fseccomp/fseccomp memory-deny-write-execute.32 seccomp.mdwx.32
-        src/fseccomp/fseccomp restrict-namespaces seccomp.namespaces cgroup,ipc,net,mnt,pid,time,user,uts
-        src/fseccomp/fseccomp restrict-namespaces seccomp.namespaces.32 cgroup,ipc,net,mnt,pid,time,user,uts
-endef
 
+seccomp.namespaces: src/fseccomp/fseccomp
+        src/fseccomp/fseccomp restrict-namespaces seccomp.namespaces cgroup,ipc,net,mnt,pid,time,user,uts
 
+seccomp.namespaces.32: src/fseccomp/fseccomp
+        src/fseccomp/fseccomp restrict-namespaces seccomp.namespaces.32 cgroup,ipc,net,mnt,pid,time,user,uts
 
 # Makes all targets in contrib/
 .PHONY: contrib
@@ -180,7 +193,6 @@ endif
         # libraries and plugins
         install -m 0755 -d $(DESTDIR)$(libdir)/firejail
         install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/firecfg/firejail-welcome.sh
-        $(call build_filters)
         install -m 0644 -t $(DESTDIR)$(libdir)/firejail $(MYLIBS) $(SECCOMP_FILTERS)
         install -m 0755 -t $(DESTDIR)$(libdir)/firejail $(SBOX_APPS)
         install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/profstats/profstats