local-derivation-goal.cc: enable seccomp filters for mips{32,64}

[ghost]

This PR enables seccomp filters for the MIPS family (mips{32,64}{el}).

A mips64el Linux MIPS kernel can execute userspace code using any of three ABIs:

      mips64el-linux-*abin64
      mips64el-linux-*abin32
        mipsel-linux-*

The first of these is the native 64-bit ABI, and the only ABI with 64-bit pointers; this is sometimes called "n64". The last of these is the old legacy 32-bit ABI, whose binaries can execute natively on 32-bit MIPS hardware; this is sometimes called "o32".

The second ABI, "n32" is essentially the 64-bit ABI with 32-bit pointers and address space. Hardware 64-bit integer/floating arithmetic is still allowed, as well as the much larger mips64 register set and more-efficient calling convention.

Let's enable seccomp filters for all of these. Likewise for big endian (mips64-linux-*).

[ghost]

Okay, I tested on a mips64le-linux-gnuabi64 host (Cavium Octeon III) using NixOS/nixpkgs#170737 and NixOS/nixpkgs#170736 and this test.nix:

let nixpkgs = import <nixpkgs> { system = builtins.currentSystem; }; in
nixpkgs.stdenv.mkDerivation {
  name = "test-hello";
  dontUnpack = true;
  dontInstall = true;
  buildPhase = ''
    ${nixpkgs.hello}/bin/hello
    ${nixpkgs.pkgsCross.mipsel-linux-gnu.pkgsStatic.hello}/bin/hello
    mkdir $out
  '';
}

Without this commit:

nix@oak:/tmp$ nix-build -I nixpkgs=/nix/nixpkgs --option filter-syscalls true test.nix
this derivation will be built:
  /nix/store/6gbfzjq5vzifsn3vaiv8a56j41rfxa4i-test-hello.drv
building '/nix/store/6gbfzjq5vzifsn3vaiv8a56j41rfxa4i-test-hello.drv'...
patching sources
updateAutotoolsGnuConfigScriptsPhase
configuring
no configure script, doing nothing
building
Hello, world!
/nix/store/maixw1hf9npk9dj8hrh7yjkf84qf7846-stdenv-linux/setup: line 1362:     8 Bad system call         /nix/store/jakbh3wgg0kdzr5cczqmzqmxvqbbqwz4-hello
error: builder for '/nix/store/6gbfzjq5vzifsn3vaiv8a56j41rfxa4i-test-hello.drv' failed with exit code 140

With this commit:

nix@oak:/tmp$ /nix/store/5lwd7ibawmz3x58jzp7hg887fmqlqy08-nix-static-mips64el-unknown-linux-muslabi64-2.4/bin/nix-build -I nixpkgs=/nix/nixpkgs --option filter-syscalls true test.nix
this derivation will be built:
  /nix/store/6gbfzjq5vzifsn3vaiv8a56j41rfxa4i-test-hello.drv
building '/nix/store/6gbfzjq5vzifsn3vaiv8a56j41rfxa4i-test-hello.drv'...
patching sources
updateAutotoolsGnuConfigScriptsPhase
configuring
no configure script, doing nothing
building
Hello, world!
Hello, world!
post-installation fixup
shrinking RPATHs of ELF executables and libraries in /nix/store/bn3kixdjbq5ia2pylg6qxjyqbnqfqbk2-test-hello
strip is /nix/store/1xgn5fwkivma3qws6yjjv3n7s6nvinq4-gcc-wrapper-10.3.0/bin/strip
patching script interpreter paths in /nix/store/bn3kixdjbq5ia2pylg6qxjyqbnqfqbk2-test-hello
checking for references to /build/ in /nix/store/bn3kixdjbq5ia2pylg6qxjyqbnqfqbk2-test-hello...
/nix/store/bn3kixdjbq5ia2pylg6qxjyqbnqfqbk2-test-hello

So yeah, this works, and is useful.

Adding support for the other 64-bit MIPS ABI (mips64el-linux-gnuabin32) is pretty high on my priority list, because it saves a lot of ram on routers which tend to not have very much of that in the first place.

[ghost]

Ping

[ghost]

Ping.

[Ericson2314]

We have other code like this so let's just do it.