seccomp: convert to meson

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
diff --git a/configure b/configure
index 5766bce..0c4104e 100755
--- a/configure
+++ b/configure
@@ -413,7 +413,7 @@
 crypto_afalg="no"
 cfi="false"
 cfi_debug="false"
-seccomp="$default_feature"
+seccomp="auto"
 glusterfs="auto"
 gtk="$default_feature"
 gtk_gl="no"
@@ -1355,9 +1355,9 @@
   ;;
   --disable-tools) want_tools="no"
   ;;
-  --enable-seccomp) seccomp="yes"
+  --enable-seccomp) seccomp="enabled"
   ;;
-  --disable-seccomp) seccomp="no"
+  --disable-seccomp) seccomp="disabled"
   ;;
   --disable-glusterfs) glusterfs="disabled"
   ;;
@@ -2458,24 +2458,6 @@
 fi
 
 ##########################################
-# libseccomp check
-
-if test "$seccomp" != "no" ; then
-    libseccomp_minver="2.3.0"
-    if $pkg_config --atleast-version=$libseccomp_minver libseccomp ; then
-        seccomp_cflags="$($pkg_config --cflags libseccomp)"
-        seccomp_libs="$($pkg_config --libs libseccomp)"
-        seccomp="yes"
-    else
-        if test "$seccomp" = "yes" ; then
-            feature_not_found "libseccomp" \
-                 "Install libseccomp devel >= $libseccomp_minver"
-        fi
-        seccomp="no"
-    fi
-fi
-
-##########################################
 # xen probe
 
 if test "$xen" != "disabled" ; then
@@ -6084,12 +6066,6 @@
   echo "CONFIG_AVX512F_OPT=y" >> $config_host_mak
 fi
 
-if test "$seccomp" = "yes"; then
-  echo "CONFIG_SECCOMP=y" >> $config_host_mak
-  echo "SECCOMP_CFLAGS=$seccomp_cflags" >> $config_host_mak
-  echo "SECCOMP_LIBS=$seccomp_libs" >> $config_host_mak
-fi
-
 # XXX: suppress that
 if [ "$bsd" = "yes" ] ; then
   echo "CONFIG_BSD=y" >> $config_host_mak
@@ -6648,7 +6624,7 @@
         -Dcurl=$curl -Dglusterfs=$glusterfs -Dbzip2=$bzip2 -Dlibiscsi=$libiscsi \
         -Dlibnfs=$libnfs -Diconv=$iconv -Dcurses=$curses -Dlibudev=$libudev\
         -Drbd=$rbd -Dlzo=$lzo -Dsnappy=$snappy -Dlzfse=$lzfse \
-        -Dzstd=$zstd \
+        -Dzstd=$zstd -Dseccomp=$seccomp \
         -Ddocs=$docs -Dsphinx_build=$sphinx_build -Dinstall_blobs=$blobs \
         -Dvhost_user_blk_server=$vhost_user_blk_server \
         -Dfuse=$fuse -Dfuse_lseek=$fuse_lseek \
diff --git a/meson.build b/meson.build
index 20a4705..55c3969 100644
--- a/meson.build
+++ b/meson.build
@@ -333,9 +333,10 @@
   libattr = declare_dependency(link_args: config_host['LIBATTR_LIBS'].split())
 endif
 seccomp = not_found
-if 'CONFIG_SECCOMP' in config_host
-  seccomp = declare_dependency(compile_args: config_host['SECCOMP_CFLAGS'].split(),
-                               link_args: config_host['SECCOMP_LIBS'].split())
+if not get_option('seccomp').auto() or have_system or have_tools
+  seccomp = dependency('libseccomp', version: '>=2.3.0',
+                       required: get_option('seccomp'),
+                       method: 'pkg-config', static: enable_static)
 endif
 libcap_ng = not_found
 if 'CONFIG_LIBCAP_NG' in config_host
@@ -998,6 +999,7 @@
 config_host_data.set('CONFIG_RBD', rbd.found())
 config_host_data.set('CONFIG_SDL', sdl.found())
 config_host_data.set('CONFIG_SDL_IMAGE', sdl_image.found())
+config_host_data.set('CONFIG_SECCOMP', seccomp.found())
 config_host_data.set('CONFIG_SNAPPY', snappy.found())
 config_host_data.set('CONFIG_VHOST_USER_BLK_SERVER', have_vhost_user_blk_server)
 config_host_data.set('CONFIG_VNC', vnc.found())
@@ -2367,7 +2369,7 @@
   summary_info += {'QGA w32 disk info': config_host.has_key('CONFIG_QGA_NTDDSCSI')}
   summary_info += {'QGA MSI support':   config_host.has_key('CONFIG_QGA_MSI')}
 endif
-summary_info += {'seccomp support':   config_host.has_key('CONFIG_SECCOMP')}
+summary_info += {'seccomp support':   seccomp.found()}
 summary_info += {'CFI support':       get_option('cfi')}
 summary_info += {'CFI debug support': get_option('cfi_debug')}
 summary_info += {'coroutine backend': config_host['CONFIG_COROUTINE_BACKEND']}
diff --git a/meson_options.txt b/meson_options.txt
index b92b13a..c0eba45 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -72,6 +72,8 @@
        description: 'SDL user interface')
 option('sdl_image', type : 'feature', value : 'auto',
        description: 'SDL Image support for icons')
+option('seccomp', type : 'feature', value : 'auto',
+       description: 'seccomp support')
 option('snappy', type : 'feature', value : 'auto',
        description: 'snappy compression support')
 option('u2f', type : 'feature', value : 'auto',
diff --git a/softmmu/meson.build b/softmmu/meson.build
index 2dab6c7..d8e0301 100644
--- a/softmmu/meson.build
+++ b/softmmu/meson.build
@@ -28,5 +28,5 @@
 ), sdl, libpmem, libdaxctl)
 
 softmmu_ss.add(when: 'CONFIG_TPM', if_true: files('tpm.c'))
-softmmu_ss.add(when: 'CONFIG_SECCOMP', if_true: [files('qemu-seccomp.c'), seccomp])
+softmmu_ss.add(when: seccomp, if_true: files('qemu-seccomp.c'))
 softmmu_ss.add(when: fdt, if_true: files('device_tree.c'))
diff --git a/softmmu/qemu-seccomp.c b/softmmu/qemu-seccomp.c
index 8325ecb..377ef69 100644
--- a/softmmu/qemu-seccomp.c
+++ b/softmmu/qemu-seccomp.c
@@ -202,7 +202,6 @@
     return rc < 0 ? -1 : 0;
 }
 
-#ifdef CONFIG_SECCOMP
 int parse_sandbox(void *opaque, QemuOpts *opts, Error **errp)
 {
     if (qemu_opt_get_bool(opts, "enable", false)) {
@@ -328,4 +327,3 @@
     }
 }
 opts_init(seccomp_register);
-#endif
diff --git a/tools/meson.build b/tools/meson.build
index 76bf84d..5c52d79 100644
--- a/tools/meson.build
+++ b/tools/meson.build
@@ -1,6 +1,6 @@
 have_virtiofsd = (targetos == 'linux' and
     have_tools and
-    'CONFIG_SECCOMP' in config_host and
+    seccomp.found() and
     'CONFIG_LIBCAP_NG' in config_host and
     'CONFIG_VHOST_USER' in config_host)
 
@@ -8,7 +8,7 @@
   if not have_virtiofsd
     if targetos != 'linux'
       error('virtiofsd requires Linux')
-    elif 'CONFIG_SECCOMP' not in config_host or 'CONFIG_LIBCAP_NG' not in config_host
+    elif not seccomp.found() or 'CONFIG_LIBCAP_NG' not in config_host
       error('virtiofsd requires libcap-ng-devel and seccomp-devel')
     elif not have_tools or 'CONFIG_VHOST_USER' not in config_host
       error('virtiofsd needs tools and vhost-user support')