- (djm) [configure.ac] error out if the host lacks the necessary bits for

an explicitly requested sandbox type
author: Damien Miller <djm@mindrot.org> 2011-08-17 11:59:25 +1000
committer: Damien Miller <djm@mindrot.org> 2011-08-17 11:59:25 +1000
commit: 1a91c0f163f0a53e092e7832791a09d659567546 (patch)
tree: f2817ed2624fc4faaebddc238efef3c2db32783a
parent: 9c08312968c965aca19d21f08407e21f5824f8b4 (diff)
2 files changed, 12 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 724d22119..0b3152824 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,8 @@
   OpenSSL 0.9.7. ok djm
 - (djm) [ openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h]
   binary_pipe is no longer required on Cygwin; patch from Corinna Vinschen
+ - (djm) [configure.ac] error out if the host lacks the necessary bits for
+   an explicitly requested sandbox type
 20110812
 - (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux context
diff --git a/configure.ac b/configure.ac
index 74d5263a4..31e72867f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.478 2011/06/26 21:18:20 djm Exp $
+# $Id: configure.ac,v 1.479 2011/08/17 01:59:26 djm Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
-AC_REVISION($Revision: 1.478 $)
+AC_REVISION($Revision: 1.479 $)
 AC_CONFIG_SRCDIR([ssh.c])
 AC_LANG([C])
@@ -2476,7 +2476,7 @@ AC_SUBST([SSH_PRIVSEP_USER])
 # Decide which sandbox style to use
 sandbox_arg=""
 AC_ARG_WITH([sandbox],
-        [  --with-sandbox=style    Specify privilege separation sandbox (no, rlimit, systrace)],
+        [  --with-sandbox=style    Specify privilege separation sandbox (no, darwin, rlimit, systrace)],
        [
                if test "x$withval" = "xyes" ; then
                        sandbox_arg=""
@@ -2487,15 +2487,22 @@ AC_ARG_WITH([sandbox],
 )
 if test "x$sandbox_arg" = "xsystrace" || \
   ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
+        test "x$have_systr_policy_kill" != "x1" && \
+                AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
        SANDBOX_STYLE="systrace"
        AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
 elif test "x$sandbox_arg" = "xdarwin" || \
     ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
       test "x$ac_cv_header_sandbox_h" = "xyes") ; then
+        test "x$ac_cv_func_sandbox_init" != "xyes" -o \
+             "x$ac_cv_header_sandbox_h" != "xyes" && \
+                AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
        SANDBOX_STYLE="darwin"
        AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
 elif test "x$sandbox_arg" = "xrlimit" || \
     ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then
+        test "x$ac_cv_func_setrlimit" != "xyes" && \
+                AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
        SANDBOX_STYLE="rlimit"
        AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
author	Damien Miller <djm@mindrot.org>	2011-08-17 11:59:25 +1000
committer	Damien Miller <djm@mindrot.org>	2011-08-17 11:59:25 +1000
commit	1a91c0f163f0a53e092e7832791a09d659567546 (patch)
tree	f2817ed2624fc4faaebddc238efef3c2db32783a
parent	9c08312968c965aca19d21f08407e21f5824f8b4 (diff)