summaryrefslogtreecommitdiff
path: root/configure.ac
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@zip.com.au>2013-03-06 17:48:48 +1100
committerDarren Tucker <dtucker@zip.com.au>2013-03-06 17:48:48 +1100
commitff008ded7f9641c03fcbe44aedb51040e04c93e5 (patch)
treeb770bef9fe9648b858ab9905fa76b34d3c52d501 /configure.ac
parent834a0d6d541faf7d8e8aa8116eaf594746239275 (diff)
- (dtucker) [configure.ac] test that we can set number of file descriptors
to zero with setrlimit before enabling the rlimit sandbox. This affects (at least) HPUX 11.11.
Diffstat (limited to 'configure.ac')
-rw-r--r--configure.ac33
1 files changed, 30 insertions, 3 deletions
diff --git a/configure.ac b/configure.ac
index bd8b21d61..ccf3373bd 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
1# $Id: configure.ac,v 1.511 2013/03/05 08:57:39 dtucker Exp $ 1# $Id: configure.ac,v 1.512 2013/03/06 06:48:48 dtucker Exp $
2# 2#
3# Copyright (c) 1999-2004 Damien Miller 3# Copyright (c) 1999-2004 Damien Miller
4# 4#
@@ -15,7 +15,7 @@
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 16
17AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
18AC_REVISION($Revision: 1.511 $) 18AC_REVISION($Revision: 1.512 $)
19AC_CONFIG_SRCDIR([ssh.c]) 19AC_CONFIG_SRCDIR([ssh.c])
20AC_LANG([C]) 20AC_LANG([C])
21 21
@@ -2690,6 +2690,32 @@ AC_RUN_IFELSE(
2690 [AC_MSG_WARN([cross compiling: assuming yes])] 2690 [AC_MSG_WARN([cross compiling: assuming yes])]
2691) 2691)
2692 2692
2693AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
2694AC_RUN_IFELSE(
2695 [AC_LANG_PROGRAM([[
2696#include <sys/types.h>
2697#ifdef HAVE_SYS_TIME_H
2698# include <sys/time.h>
2699#endif
2700#include <sys/resource.h>
2701#include <errno.h>
2702#include <stdlib.h>
2703 ]],[[
2704 struct rlimit rl_zero;
2705 int fd, r;
2706 fd_set fds;
2707
2708 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
2709 r = setrlimit(RLIMIT_NOFILE, &rl_zero);
2710 exit (r == -1 ? 1 : 0);
2711 ]])],
2712 [AC_MSG_RESULT([yes])
2713 rlimit_nofile_zero_works=yes],
2714 [AC_MSG_RESULT([no])
2715 rlimit_nofile_zero_works=no],
2716 [AC_MSG_WARN([cross compiling: assuming yes])]
2717)
2718
2693AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 2719AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
2694AC_RUN_IFELSE( 2720AC_RUN_IFELSE(
2695 [AC_LANG_PROGRAM([[ 2721 [AC_LANG_PROGRAM([[
@@ -2744,7 +2770,8 @@ elif test "x$sandbox_arg" = "xseccomp_filter" || \
2744 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 2770 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
2745elif test "x$sandbox_arg" = "xrlimit" || \ 2771elif test "x$sandbox_arg" = "xrlimit" || \
2746 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 2772 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
2747 test "x$select_works_with_rlimit" = "xyes" ) ; then 2773 test "x$select_works_with_rlimit" = "xyes" && \
2774 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
2748 test "x$ac_cv_func_setrlimit" != "xyes" && \ 2775 test "x$ac_cv_func_setrlimit" != "xyes" && \
2749 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 2776 AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
2750 test "x$select_works_with_rlimit" != "xyes" && \ 2777 test "x$select_works_with_rlimit" != "xyes" && \