merge 6.0p1

author: Colin Watson <cjwatson@debian.org> 2012-05-17 13:04:02 +0100
committer: Colin Watson <cjwatson@debian.org> 2012-05-17 13:04:02 +0100
commit: dd5ed53e20d218607260916a6b04d1c8c5b3d88f (patch)
tree: c59b4dbcc610f10700945f885adf3bddc2542c26 /configure.ac
parent: 8241a65bf12ac53c1b7304bba7ce739aad80b8b8 (diff)
parent: b9bc38990c5eb5d99e28ca5af6d3491fd4a0060a (diff)
1 files changed, 115 insertions, 9 deletions
diff --git a/configure.ac b/configure.ac
index 58da1f167..cdf24bc1f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.480 2011/08/18 04:48:24 tim Exp $
+# $Id: configure.ac,v 1.489 2012/04/19 11:46:38 djm Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
-AC_REVISION($Revision: 1.480 $)
+AC_REVISION($Revision: 1.489 $)
 AC_CONFIG_SRCDIR([ssh.c])
 AC_LANG([C])
@@ -116,6 +116,35 @@ AC_CHECK_DECL([RLIMIT_NPROC],
        #include <sys/types.h>
        #include <sys/resource.h>
 ])
+AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
+        #include <sys/types.h>
+        #include <linux/prctl.h>
+])
+if test "x$have_linux_no_new_privs" = "x1" ; then
+AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
+        #include <sys/types.h>
+        #include <linux/seccomp.h>
+])
+fi
+if test "x$have_seccomp_filter" = "x1" ; then
+AC_MSG_CHECKING([kernel for seccomp_filter support])
+AC_RUN_IFELSE([AC_LANG_PROGRAM([[
+                #include <errno.h>
+                #include <linux/seccomp.h>
+                #include <stdlib.h>
+                #include <sys/prctl.h>
+        ]],
+        [[ errno = 0;
+           prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
+           exit(errno == EFAULT ? 0 : 1); ]])],
+        [ AC_MSG_RESULT([yes]) ], [
+                AC_MSG_RESULT([no])
+                # Disable seccomp filter as a target
+                have_seccomp_filter=0
+        ],
+        [ AC_MSG_RESULT([cross-compiling, assuming yes]) ]
+)
+fi
 use_stack_protector=1
 AC_ARG_WITH([stackprotect],
@@ -134,6 +163,7 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
        OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
        OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
        OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
+        OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
        AC_MSG_CHECKING([gcc version])
        GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
        case $GCC_VER in
@@ -680,6 +710,22 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
                AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
                    [Prepend the address family to IP tunnel traffic])
        fi
+        AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h])
+        AC_CHECK_FUNCS([prctl])
+        have_seccomp_audit_arch=1
+        case "$host" in
+        x86_64-*)
+                AC_DEFINE([SECCOMP_AUDIT_ARCH], [AUDIT_ARCH_X86_64],
+                    [Specify the system call convention in use])
+                ;;
+        i*86-*)
+                AC_DEFINE([SECCOMP_AUDIT_ARCH], [AUDIT_ARCH_I386],
+                    [Specify the system call convention in use])
+                ;;
+        *)
+                have_seccomp_audit_arch=0
+                ;;
+        esac
        ;;
 mips-sony-bsd|mips-sony-newsos4)
        AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
@@ -1148,9 +1194,13 @@ AC_CHECK_FUNCS([utimes],
 dnl    Checks for libutil functions
 AC_CHECK_HEADERS([libutil.h])
-AC_SEARCH_LIBS([login], [util bsd], [AC_DEFINE([HAVE_LOGIN], [1],
+AC_SEARCH_LIBS([fmt_scaled], [util bsd])
-        [Define if your libraries define login()])])
+AC_SEARCH_LIBS([login], [util bsd])
-AC_CHECK_FUNCS([fmt_scaled logout updwtmp logwtmp])
+AC_SEARCH_LIBS([logout], [util bsd])
+AC_SEARCH_LIBS([logwtmp], [util bsd])
+AC_SEARCH_LIBS([openpty], [util bsd])
+AC_SEARCH_LIBS([updwtmp], [util bsd])
+AC_CHECK_FUNCS([fmt_scaled login logout openpty updwtmp logwtmp])
 AC_FUNC_STRFTIME
@@ -1343,6 +1393,41 @@ int deny_severity = 0, allow_severity = 0;
        ]
 )
+# Check whether user wants to use ldns
+LDNS_MSG="no"
+AC_ARG_WITH(ldns,
+        [  --with-ldns[[=PATH]]      Use ldns for DNSSEC support (optionally in PATH)],
+    [
+        if test "x$withval" != "xno" ; then
+                        if test "x$withval" != "xyes" ; then
+                                CPPFLAGS="$CPPFLAGS -I${withval}/include"
+                                LDFLAGS="$LDFLAGS -L${withval}/lib"
+                        fi
+            AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
+            LIBS="-lldns $LIBS"
+            LDNS_MSG="yes"
+            AC_MSG_CHECKING([for ldns support])
+            AC_LINK_IFELSE(
+                [AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <ldns/ldns.h>
+int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
+                                ]])
+                ],
+                                [AC_MSG_RESULT(yes)],
+                                [
+                                        AC_MSG_RESULT(no)
+                                        AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
+                                ])
+        fi
+    ]
+)
 # Check whether user wants libedit support
 LIBEDIT_MSG="no"
 AC_ARG_WITH([libedit],
@@ -1422,6 +1507,11 @@ AC_ARG_WITH([audit],
                # These are optional
                AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
                AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
+                if test "$sol2ver" -eq 11; then
+                        SSHDLIBS="$SSHDLIBS -lscf"
+                        AC_DEFINE([BROKEN_BSM_API], [1], 
+                                  [The system has incomplete BSM API])
+                fi
                ;;
          linux)
                AC_MSG_RESULT([linux])
@@ -1490,7 +1580,6 @@ AC_CHECK_FUNCS([ \
        nsleep \
        ogetaddrinfo \
        openlog_r \
-        openpty \
        poll \
        prctl \
        pstat \
@@ -1525,6 +1614,7 @@ AC_CHECK_FUNCS([ \
        strlcat \
        strlcpy \
        strmode \
+        strnlen \
        strnvis \
        strptime \
        strtonum \
@@ -2192,7 +2282,7 @@ AC_LINK_IFELSE(
        ]
 )
-AC_CHECK_FUNCS([RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method])
+AC_CHECK_FUNCS([RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method HMAC_CTX_init])
 AC_ARG_WITH([ssl-engine],
        [  --with-ssl-engine       Enable OpenSSL (hardware) ENGINE support ],
@@ -2500,7 +2590,7 @@ AC_SUBST([SSH_PRIVSEP_USER])
 # Decide which sandbox style to use
 sandbox_arg=""
 AC_ARG_WITH([sandbox],
-        [  --with-sandbox=style    Specify privilege separation sandbox (no, darwin, rlimit, systrace)],
+        [  --with-sandbox=style    Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter)],
        [
                if test "x$withval" = "xyes" ; then
                        sandbox_arg=""
@@ -2523,6 +2613,23 @@ elif test "x$sandbox_arg" = "xdarwin" || \
                AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
        SANDBOX_STYLE="darwin"
        AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
+elif test "x$sandbox_arg" = "xseccomp_filter" || \
+     ( test -z "$sandbox_arg" && \
+       test "x$have_seccomp_filter" == "x1" && \
+       test "x$ac_cv_header_linux_audit_h" = "xyes" && \
+       test "x$have_seccomp_audit_arch" = "x1" && \
+       test "x$have_linux_no_new_privs" = "x1" && \
+       test "x$ac_cv_func_prctl" = "xyes" ) ; then
+        test "x$have_seccomp_audit_arch" != "x1" && \
+                AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
+        test "x$have_linux_no_new_privs" != "x1" && \
+                AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
+        test "x$have_seccomp_filter" != "x1" && \
+                AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
+        test "x$ac_cv_func_prctl" != "xyes" && \
+                AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
+        SANDBOX_STYLE="seccomp_filter"
+        AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
 elif test "x$sandbox_arg" = "xrlimit" || \
     ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then
        test "x$ac_cv_func_setrlimit" != "xyes" && \
@@ -2546,7 +2653,6 @@ fi
 AC_CHECK_TYPES([long long, unsigned long long, long double])
 # Check datatype sizes
-AC_CHECK_SIZEOF([char], [1])
 AC_CHECK_SIZEOF([short int], [2])
 AC_CHECK_SIZEOF([int], [4])
 AC_CHECK_SIZEOF([long int], [4])
author	Colin Watson <cjwatson@debian.org>	2012-05-17 13:04:02 +0100
committer	Colin Watson <cjwatson@debian.org>	2012-05-17 13:04:02 +0100
commit	dd5ed53e20d218607260916a6b04d1c8c5b3d88f (patch)
tree	c59b4dbcc610f10700945f885adf3bddc2542c26 /configure.ac
parent	8241a65bf12ac53c1b7304bba7ce739aad80b8b8 (diff)
parent	b9bc38990c5eb5d99e28ca5af6d3491fd4a0060a (diff)

diff --git a/configure.ac b/configure.ac index 58da1f167..cdf24bc1f 100644 --- a/configure.ac +++ b/configure.ac
@@ -1,4 +1,4 @@
1	# $Id: configure.ac,v 1.480 2011/08/18 04:48:24 tim Exp $	1	# $Id: configure.ac,v 1.489 2012/04/19 11:46:38 djm Exp $
2	#	2	#
3	# Copyright (c) 1999-2004 Damien Miller	3	# Copyright (c) 1999-2004 Damien Miller
4	#	4	#
@@ -15,7 +15,7 @@
15	# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16		16
17	AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])	17	AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
18	AC_REVISION($Revision: 1.480 $)	18	AC_REVISION($Revision: 1.489 $)
19	AC_CONFIG_SRCDIR([ssh.c])	19	AC_CONFIG_SRCDIR([ssh.c])
20	AC_LANG([C])	20	AC_LANG([C])
21		21
@@ -116,6 +116,35 @@ AC_CHECK_DECL([RLIMIT_NPROC],
116	#include <sys/types.h>	116	#include <sys/types.h>
117	#include <sys/resource.h>	117	#include <sys/resource.h>
118	])	118	])
		119	AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
		120	#include <sys/types.h>
		121	#include <linux/prctl.h>
		122	])
		123	if test "x$have_linux_no_new_privs" = "x1" ; then
		124	AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
		125	#include <sys/types.h>
		126	#include <linux/seccomp.h>
		127	])
		128	fi
		129	if test "x$have_seccomp_filter" = "x1" ; then
		130	AC_MSG_CHECKING([kernel for seccomp_filter support])
		131	AC_RUN_IFELSE([AC_LANG_PROGRAM([[
		132	#include <errno.h>
		133	#include <linux/seccomp.h>
		134	#include <stdlib.h>
		135	#include <sys/prctl.h>
		136	]],
		137	[[ errno = 0;
		138	prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
		139	exit(errno == EFAULT ? 0 : 1); ]])],
		140	[ AC_MSG_RESULT([yes]) ], [
		141	AC_MSG_RESULT([no])
		142	# Disable seccomp filter as a target
		143	have_seccomp_filter=0
		144	],
		145	[ AC_MSG_RESULT([cross-compiling, assuming yes]) ]
		146	)
		147	fi
119		148
120	use_stack_protector=1	149	use_stack_protector=1
121	AC_ARG_WITH([stackprotect],	150	AC_ARG_WITH([stackprotect],
@@ -134,6 +163,7 @@ if test "$GCC" = "yes" \|\| test "$GCC" = "egcs"; then
134	OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])	163	OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
135	OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])	164	OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
136	OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])	165	OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
		166	OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
137	AC_MSG_CHECKING([gcc version])	167	AC_MSG_CHECKING([gcc version])
138	GCC_VER=`$CC -v 2>&1 \| $AWK '/gcc version /{print $3}'`	168	GCC_VER=`$CC -v 2>&1 \| $AWK '/gcc version /{print $3}'`
139	case $GCC_VER in	169	case $GCC_VER in
@@ -680,6 +710,22 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
680	AC_DEFINE([SSH_TUN_PREPEND_AF], [1],	710	AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
681	[Prepend the address family to IP tunnel traffic])	711	[Prepend the address family to IP tunnel traffic])
682	fi	712	fi
		713	AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h])
		714	AC_CHECK_FUNCS([prctl])
		715	have_seccomp_audit_arch=1
		716	case "$host" in
		717	x86_64-*)
		718	AC_DEFINE([SECCOMP_AUDIT_ARCH], [AUDIT_ARCH_X86_64],
		719	[Specify the system call convention in use])
		720	;;
		721	i86-)
		722	AC_DEFINE([SECCOMP_AUDIT_ARCH], [AUDIT_ARCH_I386],
		723	[Specify the system call convention in use])
		724	;;
		725	*)
		726	have_seccomp_audit_arch=0
		727	;;
		728	esac
683	;;	729	;;
684	mips-sony-bsd\|mips-sony-newsos4)	730	mips-sony-bsd\|mips-sony-newsos4)
685	AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])	731	AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
@@ -1148,9 +1194,13 @@ AC_CHECK_FUNCS([utimes],
1148		1194
1149	dnl Checks for libutil functions	1195	dnl Checks for libutil functions
1150	AC_CHECK_HEADERS([libutil.h])	1196	AC_CHECK_HEADERS([libutil.h])
1151	AC_SEARCH_LIBS([login], [util bsd], [AC_DEFINE([HAVE_LOGIN], [1],	1197	AC_SEARCH_LIBS([fmt_scaled], [util bsd])
1152	[Define if your libraries define login()])])	1198	AC_SEARCH_LIBS([login], [util bsd])
1153	AC_CHECK_FUNCS([fmt_scaled logout updwtmp logwtmp])	1199	AC_SEARCH_LIBS([logout], [util bsd])
		1200	AC_SEARCH_LIBS([logwtmp], [util bsd])
		1201	AC_SEARCH_LIBS([openpty], [util bsd])
		1202	AC_SEARCH_LIBS([updwtmp], [util bsd])
		1203	AC_CHECK_FUNCS([fmt_scaled login logout openpty updwtmp logwtmp])
1154		1204
1155	AC_FUNC_STRFTIME	1205	AC_FUNC_STRFTIME
1156		1206
@@ -1343,6 +1393,41 @@ int deny_severity = 0, allow_severity = 0;
1343	]	1393	]
1344	)	1394	)
1345		1395
		1396	# Check whether user wants to use ldns
		1397	LDNS_MSG="no"
		1398	AC_ARG_WITH(ldns,
		1399	[ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)],
		1400	[
		1401	if test "x$withval" != "xno" ; then
		1402
		1403	if test "x$withval" != "xyes" ; then
		1404	CPPFLAGS="$CPPFLAGS -I${withval}/include"
		1405	LDFLAGS="$LDFLAGS -L${withval}/lib"
		1406	fi
		1407
		1408	AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
		1409	LIBS="-lldns $LIBS"
		1410	LDNS_MSG="yes"
		1411
		1412	AC_MSG_CHECKING([for ldns support])
		1413	AC_LINK_IFELSE(
		1414	[AC_LANG_SOURCE([[
		1415	#include <stdio.h>
		1416	#include <stdlib.h>
		1417	#include <stdint.h>
		1418	#include <ldns/ldns.h>
		1419	int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
		1420	]])
		1421	],
		1422	[AC_MSG_RESULT(yes)],
		1423	[
		1424	AC_MSG_RESULT(no)
		1425	AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
		1426	])
		1427	fi
		1428	]
		1429	)
		1430
1346	# Check whether user wants libedit support	1431	# Check whether user wants libedit support
1347	LIBEDIT_MSG="no"	1432	LIBEDIT_MSG="no"
1348	AC_ARG_WITH([libedit],	1433	AC_ARG_WITH([libedit],
@@ -1422,6 +1507,11 @@ AC_ARG_WITH([audit],
1422	# These are optional	1507	# These are optional
1423	AC_CHECK_FUNCS([getaudit_addr aug_get_machine])	1508	AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1424	AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])	1509	AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
		1510	if test "$sol2ver" -eq 11; then
		1511	SSHDLIBS="$SSHDLIBS -lscf"
		1512	AC_DEFINE([BROKEN_BSM_API], [1],
		1513	[The system has incomplete BSM API])
		1514	fi
1425	;;	1515	;;
1426	linux)	1516	linux)
1427	AC_MSG_RESULT([linux])	1517	AC_MSG_RESULT([linux])
@@ -1490,7 +1580,6 @@ AC_CHECK_FUNCS([ \
1490	nsleep \	1580	nsleep \
1491	ogetaddrinfo \	1581	ogetaddrinfo \
1492	openlog_r \	1582	openlog_r \
1493	openpty \
1494	poll \	1583	poll \
1495	prctl \	1584	prctl \
1496	pstat \	1585	pstat \
@@ -1525,6 +1614,7 @@ AC_CHECK_FUNCS([ \
1525	strlcat \	1614	strlcat \
1526	strlcpy \	1615	strlcpy \
1527	strmode \	1616	strmode \
		1617	strnlen \
1528	strnvis \	1618	strnvis \
1529	strptime \	1619	strptime \
1530	strtonum \	1620	strtonum \
@@ -2192,7 +2282,7 @@ AC_LINK_IFELSE(
2192	]	2282	]
2193	)	2283	)
2194		2284
2195	AC_CHECK_FUNCS([RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method])	2285	AC_CHECK_FUNCS([RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method HMAC_CTX_init])
2196		2286
2197	AC_ARG_WITH([ssl-engine],	2287	AC_ARG_WITH([ssl-engine],
2198	[ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],	2288	[ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
@@ -2500,7 +2590,7 @@ AC_SUBST([SSH_PRIVSEP_USER])
2500	# Decide which sandbox style to use	2590	# Decide which sandbox style to use
2501	sandbox_arg=""	2591	sandbox_arg=""
2502	AC_ARG_WITH([sandbox],	2592	AC_ARG_WITH([sandbox],
2503	[ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace)],	2593	[ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter)],
2504	[	2594	[
2505	if test "x$withval" = "xyes" ; then	2595	if test "x$withval" = "xyes" ; then
2506	sandbox_arg=""	2596	sandbox_arg=""
@@ -2523,6 +2613,23 @@ elif test "x$sandbox_arg" = "xdarwin" \|\| \
2523	AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])	2613	AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
2524	SANDBOX_STYLE="darwin"	2614	SANDBOX_STYLE="darwin"
2525	AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])	2615	AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
		2616	elif test "x$sandbox_arg" = "xseccomp_filter" \|\| \
		2617	( test -z "$sandbox_arg" && \
		2618	test "x$have_seccomp_filter" == "x1" && \
		2619	test "x$ac_cv_header_linux_audit_h" = "xyes" && \
		2620	test "x$have_seccomp_audit_arch" = "x1" && \
		2621	test "x$have_linux_no_new_privs" = "x1" && \
		2622	test "x$ac_cv_func_prctl" = "xyes" ) ; then
		2623	test "x$have_seccomp_audit_arch" != "x1" && \
		2624	AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
		2625	test "x$have_linux_no_new_privs" != "x1" && \
		2626	AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
		2627	test "x$have_seccomp_filter" != "x1" && \
		2628	AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
		2629	test "x$ac_cv_func_prctl" != "xyes" && \
		2630	AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
		2631	SANDBOX_STYLE="seccomp_filter"
		2632	AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
2526	elif test "x$sandbox_arg" = "xrlimit" \|\| \	2633	elif test "x$sandbox_arg" = "xrlimit" \|\| \
2527	( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then	2634	( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then
2528	test "x$ac_cv_func_setrlimit" != "xyes" && \	2635	test "x$ac_cv_func_setrlimit" != "xyes" && \
@@ -2546,7 +2653,6 @@ fi
2546	AC_CHECK_TYPES([long long, unsigned long long, long double])	2653	AC_CHECK_TYPES([long long, unsigned long long, long double])
2547		2654
2548	# Check datatype sizes	2655	# Check datatype sizes
2549	AC_CHECK_SIZEOF([char], [1])
2550	AC_CHECK_SIZEOF([short int], [2])	2656	AC_CHECK_SIZEOF([short int], [2])
2551	AC_CHECK_SIZEOF([int], [4])	2657	AC_CHECK_SIZEOF([int], [4])
2552	AC_CHECK_SIZEOF([long int], [4])	2658	AC_CHECK_SIZEOF([long int], [4])