easyseccomp's Issues

Non-obvious build failure when lex not installed

configure succeeds even when there is no lex installed. However, it does mention it:

...
checking for flex... no
checking for lex... no
...

After the successful configure, make fails like this:

  CC       src/main.o
  LEX      src/libeasyseccomp_a-lexer.c
  CC       src/libeasyseccomp_a-libeasyseccomp_a-lexer.o
gcc: error: ./src/libeasyseccomp_a-lexer.c: No such file or directory
gcc: fatal error: no input files
compilation terminated.
make: *** [Makefile:765: src/libeasyseccomp_a-libeasyseccomp_a-lexer.o] Error 1

It took some figuring out to learn that I had to install flex. (I'm using Ubuntu 20.04.)

Why not libseccomp?

I love seeing new seccomp projects!

What is the use-case here? Since this uses libseccomp internally, it must meet some requirement(s) that the library doesn't fulfill.

It would be good to explain this in the README.md file.

some SECCOMP_RET_ values do not exist in older kernels

Some of the definitions assumed in the code don't exist on older systems (e.g. kernel 3.10.0). Had to remove them from generator.c and sim/sim.c. Would be nice if they were only used when available...

$ make
CC src/libeasyseccomp_a-libeasyseccomp_a-parser.o
CC src/libeasyseccomp_a-libeasyseccomp_a-lexer.o
CC src/libeasyseccomp_a-generator.o
src/generator.c: In function 'generate_action':
src/generator.c:385:36: error: 'SECCOMP_RET_USER_NOTIF' undeclared (first use in this function)
emit_stmt (ctx, BPF_RET|BPF_K, SECCOMP_RET_USER_NOTIF);
^
src/generator.c:385:36: note: each undeclared identifier is reported only once for each function it appears in
src/generator.c:387:36: error: 'SECCOMP_RET_LOG' undeclared (first use in this function)
emit_stmt (ctx, BPF_RET|BPF_K, SECCOMP_RET_LOG);
^
src/generator.c:391:36: error: 'SECCOMP_RET_KILL_THREAD' undeclared (first use in this function)
emit_stmt (ctx, BPF_RET|BPF_K, SECCOMP_RET_KILL_THREAD);
^
src/generator.c:393:36: error: 'SECCOMP_RET_KILL_PROCESS' undeclared (first use in this function)
emit_stmt (ctx, BPF_RET|BPF_K, SECCOMP_RET_KILL_PROCESS);
^
src/generator.c: In function 'generate_condition_and_action':
src/generator.c:795:9: warning: empty declaration [enabled by default]
__attribute__ ((fallthrough));
^
make: *** [src/libeasyseccomp_a-generator.o] Error 1

make
CC src/libeasyseccomp_a-generator.o
src/generator.c: In function 'generate_condition_and_action':
src/generator.c:795:9: warning: empty declaration [enabled by default]
__attribute__ ((fallthrough));
^
CC src/libeasyseccomp_a-types.o
CC src/syscall-versions/libeasyseccomp_a-syscall-versions.o
AR libeasyseccomp.a
CC src/main.o
CCLD easyseccomp
CC src/sim/sim.o
In file included from src/sim/bpf.h:59:0,
from src/sim/sim.c:31:
src/sim/glue.h:11:0: warning: "__bounded" redefined [enabled by default]
# define __bounded(args)
^
In file included from /usr/include/features.h:375:0,
from /usr/include/sys/types.h:25,
from /usr/include/sys/param.h:25,
from src/sim/sim.c:19:
/usr/include/sys/cdefs.h:134:0: note: this is the location of the previous definition
# define __bounded /* nothing */
^
src/sim/sim.c: In function 'get_seccomp_action':
src/sim/sim.c:167:17: error: 'SECCOMP_RET_USER_NOTIF' undeclared (first use in this function)
if (action == SECCOMP_RET_USER_NOTIF)
^
src/sim/sim.c:167:17: note: each undeclared identifier is reported only once for each function it appears in
src/sim/sim.c:171:17: error: 'SECCOMP_RET_KILL_THREAD' undeclared (first use in this function)
if (action == SECCOMP_RET_KILL_THREAD)
^
src/sim/sim.c:173:17: error: 'SECCOMP_RET_KILL_PROCESS' undeclared (first use in this function)
if (action == SECCOMP_RET_KILL_PROCESS)
^
make: *** [src/sim/sim.o] Error 1
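
One way to use the newer return actions only when available, as the issue above asks (an added example, not easyseccomp's code): compile-time fallbacks for the constants the old headers lack, plus a runtime probe so a generated filter never relies on an action the running kernel does not implement. The helper names `action_available` and `pick_kill_action` are hypothetical; the fallback values are the ones in the kernel's `linux/seccomp.h`.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/seccomp.h>
/* Compile-time fallbacks for old headers; values as in linux/seccomp.h. */
#ifndef SECCOMP_RET_KILL_PROCESS
# define SECCOMP_RET_KILL_PROCESS 0x80000000U
#endif
#ifndef SECCOMP_RET_KILL_THREAD
# define SECCOMP_RET_KILL_THREAD  0x00000000U  /* same value as SECCOMP_RET_KILL */
#endif
#ifndef SECCOMP_RET_USER_NOTIF
# define SECCOMP_RET_USER_NOTIF   0x7fc00000U
#endif
#ifndef SECCOMP_RET_LOG
# define SECCOMP_RET_LOG          0x7ffc0000U
#endif

/* Returns 1 if the running kernel accepts `action` in a filter, else 0. */
int action_available(uint32_t action)
{
#if defined(__NR_seccomp) && defined(SECCOMP_GET_ACTION_AVAIL)
    if (syscall(__NR_seccomp, SECCOMP_GET_ACTION_AVAIL, 0U, &action) == 0)
        return 1;
    if (errno == EOPNOTSUPP)
        return 0;               /* kernel has the probe and rejects the action */
#endif
    /* No usable probe (it arrived in Linux 4.14): trust only the original set. */
    return action == SECCOMP_RET_KILL_THREAD || action == SECCOMP_RET_TRAP ||
           action == SECCOMP_RET_ERRNO || action == SECCOMP_RET_TRACE ||
           action == SECCOMP_RET_ALLOW;
}

/* Strictest kill action the running kernel supports. */
uint32_t pick_kill_action(void)
{
    int ok = action_available(SECCOMP_RET_KILL_PROCESS);
    return ok ? SECCOMP_RET_KILL_PROCESS : SECCOMP_RET_KILL_THREAD;
}

int main(void)
{
    printf("LOG available: %d, kill action: 0x%08x\n",
           action_available(SECCOMP_RET_LOG), (unsigned)pick_kill_action());
    return 0;
}
```

A policy that asks for an unavailable action should fail with a clear error rather than be rewritten to a weaker action; falling back from KILL_PROCESS to KILL_THREAD keeps the offending thread dead but leaves sibling threads running.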

unknown syscall pidfd_open

Can't compile default policy due to missing syscalls (likely because I'm on an older 3.10 kernel). Don't know if this is a fatal message or just a warning, but the default policy doesn't even mention pidfd_open, so it's strange that there is a message about it.

$ ./easyseccomp <contrib/default-policy.easyseccomp >default.bpf
unknown syscall pidfd_open

error: %define variable 'parse.error' is not used

I get an error when using an older bison (2.7.12-4996). OK with bison 3.7.6.

$ ./configure
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /usr/bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking whether UID '9828' is supported by ustar format... yes
checking whether GID '1179' is supported by ustar format... yes
checking how to create a ustar tar archive... gnutar
checking whether to enable maintainer-specific portions of Makefiles... yes
checking whether make supports nested variables... (cached) yes
checking for bison... bison -y
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking whether gcc understands -c and -o together... yes
checking for style of include used by make... GNU
checking dependency style of gcc... gcc3
checking for flex... flex
checking lex output file root... lex.yy
checking lex library... none needed
checking whether yytext is a pointer... no
checking for ranlib... ranlib
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking seccomp.h usability... yes
checking seccomp.h presence... yes
checking for seccomp.h... yes
checking for library containing seccomp_rule_add... -lseccomp
checking for library containing seccomp_arch_resolve_name... none required
checking stddef.h usability... yes
checking stddef.h presence... yes
checking for stddef.h... yes
checking for stdlib.h... (cached) yes
checking for string.h... (cached) yes
checking for unistd.h... (cached) yes
checking for size_t... yes
checking for error_at_line... yes
checking for memset... yes
checking for strdup... yes
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/config.h
config.status: executing depfiles commands

$ make
YACC src/libeasyseccomp_a-parser.c
easyseccomp-main/src/parser.y:42.9-19: error: %define variable 'parse.error' is not used
make: *** [src/libeasyseccomp_a-parser.c] Error 1

extraneous line at end of default policy

The last line of the default policy generates an error. Perhaps either the initial condition is missing or it is just a typo left over from something else:

=> ERRNO(ENOSYS);

$ ./easyseccomp <contrib/default-policy.easyseccomp >default.bpf
syntax error, unexpected EOL, expecting end of file
