author | Colin Watson <cjwatson@debian.org> | 2012-05-26 01:44:40 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2012-05-26 01:44:40 +0100 |
commit | 15784261dfaece73ef53f5beb5d3917a95dc1ae4 (patch) | |
tree | c39ee6c8ff10efca0e0060d6db07780667832eeb /ssh-sandbox.h | |
parent | 9fce61538243d8d04d6cf174e118df6c4ece351d (diff) |
Add a sandbox fallback mechanism, so that behaviour on Linux depends on
whether the running system's kernel has seccomp_filter support, not the
build system's kernel (forwarded upstream as
https://bugzilla.mindrot.org/show_bug.cgi?id=2011).
Diffstat (limited to 'ssh-sandbox.h')
-rw-r--r-- | ssh-sandbox.h | 25 |
1 files changed, 20 insertions, 5 deletions
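--- a/ssh-sandbox.h
+++ b/ssh-sandbox.h
@@ -15,9 +15,24 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 
-struct ssh_sandbox;
+typedef struct Sandbox Sandbox;
 
-struct ssh_sandbox *ssh_sandbox_init(void);
-void ssh_sandbox_child(struct ssh_sandbox *);
-void ssh_sandbox_parent_finish(struct ssh_sandbox *);
-void ssh_sandbox_parent_preauth(struct ssh_sandbox *, pid_t);
+struct Sandbox {
+const char *name;
+int (*probe)(void);
+void *(*init)(void);
+void (*child)(void *);
+void (*parent_finish)(void *);
+void (*parent_preauth)(void *, pid_t);
+};
+
+void *ssh_sandbox_init(void);
+void ssh_sandbox_child(void *);
+void ssh_sandbox_parent_finish(void *);
+void ssh_sandbox_parent_preauth(void *, pid_t);
+
+extern Sandbox ssh_sandbox_systrace;
+extern Sandbox ssh_sandbox_darwin;
+extern Sandbox ssh_sandbox_seccomp_filter;
+extern Sandbox ssh_sandbox_rlimit;
+extern Sandbox ssh_sandbox_null;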
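Review bot: The five backend tables at the end of the hunk are declared as writable objects (`extern Sandbox ssh_sandbox_seccomp_filter;` and its siblings), although they hold the function pointers that set up the pre-auth sandbox. Declaring them `extern const Sandbox ssh_sandbox_seccomp_filter;` (with matching `const` definitions, which are outside this file) would let them live in read-only data and turn a stray write into a compile error or a fault. The `probe` member has no stated contract; a comment on it, for example `/* probe: non-zero when this backend is usable on the running kernel */` adjusted to the real return convention, would help, since the probe order presumably decides whether the child ends up under `ssh_sandbox_rlimit` or `ssh_sandbox_null`. The selection code is not visible here, so it is worth confirming that a fall-through to the null backend is logged rather than silent. Replacing `struct ssh_sandbox *` with `void *` in the four wrappers also drops the compiler's check that the state pointer came from `ssh_sandbox_init()`.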