diff options
author | Darren Tucker <dtucker@zip.com.au> | 2013-03-06 17:48:48 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2013-03-06 17:48:48 +1100 |
commit | ff008ded7f9641c03fcbe44aedb51040e04c93e5 (patch) | |
tree | b770bef9fe9648b858ab9905fa76b34d3c52d501 /configure.ac | |
parent | 834a0d6d541faf7d8e8aa8116eaf594746239275 (diff) |
- (dtucker) [configure.ac] test that we can set number of file descriptors
to zero with setrlimit before enabling the rlimit sandbox. This affects
(at least) HPUX 11.11.
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 33 |
1 files changed, 30 insertions, 3 deletions
diff --git a/configure.ac b/configure.ac index bd8b21d61..ccf3373bd 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -1,4 +1,4 @@ | |||
1 | # $Id: configure.ac,v 1.511 2013/03/05 08:57:39 dtucker Exp $ | 1 | # $Id: configure.ac,v 1.512 2013/03/06 06:48:48 dtucker Exp $ |
2 | # | 2 | # |
3 | # Copyright (c) 1999-2004 Damien Miller | 3 | # Copyright (c) 1999-2004 Damien Miller |
4 | # | 4 | # |
@@ -15,7 +15,7 @@ | |||
15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
16 | 16 | ||
17 | AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) | 17 | AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) |
18 | AC_REVISION($Revision: 1.511 $) | 18 | AC_REVISION($Revision: 1.512 $) |
19 | AC_CONFIG_SRCDIR([ssh.c]) | 19 | AC_CONFIG_SRCDIR([ssh.c]) |
20 | AC_LANG([C]) | 20 | AC_LANG([C]) |
21 | 21 | ||
@@ -2690,6 +2690,32 @@ AC_RUN_IFELSE( | |||
2690 | [AC_MSG_WARN([cross compiling: assuming yes])] | 2690 | [AC_MSG_WARN([cross compiling: assuming yes])] |
2691 | ) | 2691 | ) |
2692 | 2692 | ||
2693 | AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) | ||
2694 | AC_RUN_IFELSE( | ||
2695 | [AC_LANG_PROGRAM([[ | ||
2696 | #include <sys/types.h> | ||
2697 | #ifdef HAVE_SYS_TIME_H | ||
2698 | # include <sys/time.h> | ||
2699 | #endif | ||
2700 | #include <sys/resource.h> | ||
2701 | #include <errno.h> | ||
2702 | #include <stdlib.h> | ||
2703 | ]],[[ | ||
2704 | struct rlimit rl_zero; | ||
2705 | int fd, r; | ||
2706 | fd_set fds; | ||
2707 | |||
2708 | rl_zero.rlim_cur = rl_zero.rlim_max = 0; | ||
2709 | r = setrlimit(RLIMIT_NOFILE, &rl_zero); | ||
2710 | exit (r == -1 ? 1 : 0); | ||
2711 | ]])], | ||
2712 | [AC_MSG_RESULT([yes]) | ||
2713 | rlimit_nofile_zero_works=yes], | ||
2714 | [AC_MSG_RESULT([no]) | ||
2715 | rlimit_nofile_zero_works=no], | ||
2716 | [AC_MSG_WARN([cross compiling: assuming yes])] | ||
2717 | ) | ||
2718 | |||
2693 | AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) | 2719 | AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) |
2694 | AC_RUN_IFELSE( | 2720 | AC_RUN_IFELSE( |
2695 | [AC_LANG_PROGRAM([[ | 2721 | [AC_LANG_PROGRAM([[ |
@@ -2744,7 +2770,8 @@ elif test "x$sandbox_arg" = "xseccomp_filter" || \ | |||
2744 | AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) | 2770 | AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) |
2745 | elif test "x$sandbox_arg" = "xrlimit" || \ | 2771 | elif test "x$sandbox_arg" = "xrlimit" || \ |
2746 | ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ | 2772 | ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ |
2747 | test "x$select_works_with_rlimit" = "xyes" ) ; then | 2773 | test "x$select_works_with_rlimit" = "xyes" && \ |
2774 | test "x$rlimit_nofile_zero_works" = "xyes" ) ; then | ||
2748 | test "x$ac_cv_func_setrlimit" != "xyes" && \ | 2775 | test "x$ac_cv_func_setrlimit" != "xyes" && \ |
2749 | AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) | 2776 | AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) |
2750 | test "x$select_works_with_rlimit" != "xyes" && \ | 2777 | test "x$select_works_with_rlimit" != "xyes" && \ |