authorDamien Miller <djm@mindrot.org>2014-01-17 16:47:04 +1100
committerDamien Miller <djm@mindrot.org>2014-01-17 16:47:04 +1100
commit868ea1ea1c1bfdbee5dbad78f81999c5983ecf31 (patch)
treecd0d26dd73bc147951ef9a3aeb967448912e9c4f /configure.ac
parenta9d186a8b50d18869a10e9203abf71c83ddb1f79 (diff)
- (djm) [Makefile.in configure.ac sandbox-capsicum.c sandbox-darwin.c]
[sandbox-null.c sandbox-rlimit.c sandbox-seccomp-filter.c] [sandbox-systrace.c ssh-sandbox.h sshd.c] Support preauth sandboxing using the Capsicum API introduced in FreeBSD 10. Patch by Dag-Erling Smorgrav, updated by Loganaden Velvindron @ AfriNIC; ok dtucker@
Diffstat (limited to 'configure.ac')
-rw-r--r--configure.ac17
1 files changed, 14 insertions, 3 deletions
diff --git a/configure.ac b/configure.ac
index abd912f5a..f14e177fc 100644
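--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.549 2014/01/17 04:12:16 dtucker Exp $
+# $Id: configure.ac,v 1.550 2014/01/17 05:47:04 djm Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
-AC_REVISION($Revision: 1.549 $)
+AC_REVISION($Revision: 1.550 $)
 AC_CONFIG_SRCDIR([ssh.c])
 AC_LANG([C])
 
@@ -120,6 +120,10 @@ AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
  #include <sys/types.h>
  #include <linux/prctl.h>
 ])
+AC_CHECK_DECL([cap_enter], [have_cap_enter=1], , [
+ #include <sys/capability.h>
+])
+
 use_stack_protector=1
 use_toolchain_hardening=1
 AC_ARG_WITH([stackprotect],
@@ -2835,7 +2839,7 @@ fi
 # Decide which sandbox style to use
 sandbox_arg=""
 AC_ARG_WITH([sandbox],
- [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter)],
+ [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter, capsicum)],
  [
  if test "x$withval" = "xyes" ; then
  sandbox_arg=""
@@ -2974,6 +2978,13 @@ elif test "x$sandbox_arg" = "xrlimit" || \
  AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
  SANDBOX_STYLE="rlimit"
  AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
+elif test "x$sandbox_arg" = "xcapsicum" || \
+ ( test -z "$sandbox_arg" && \
+ test "x$have_cap_enter" = "x1") ; then
+ test "x$have_cap_enter" != "x1" && \
+ AC_MSG_ERROR([capsicum sandbox requires cap_enter function])
+ SANDBOX_STYLE="capsicum"
+ AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum])
 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
  test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
  SANDBOX_STYLE="none"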
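Review bot: The new capsicum branch in the last hunk sits after the rlimit branch in the `elif` chain, so with no `--with-sandbox` argument it is auto-selected only when the rlimit test has not already matched. The rlimit condition continues above the hunk and is not visible here, but if it also matches on an empty `sandbox_arg`, a build on a Capsicum-capable system would likely default to the weaker rlimit sandbox even though `have_cap_enter` is 1. Moving the `elif test "x$sandbox_arg" = "xcapsicum" || \` branch ahead of the rlimit one would make capability mode the default wherever `cap_enter` is declared. Separately, `AC_CHECK_DECL([cap_enter], ...)` in the third hunk only shows that the declaration exists in `<sys/capability.h>`; a comment such as `# Capsicum: declaration check only, kernel support is verified at runtime` above it would make that limit explicit, assuming the sandbox code does check the `cap_enter` result.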