Add a sandbox fallback mechanism, so that behaviour on Linux depends on

whether the running system's kernel has seccomp_filter support, not the build system's kernel (forwarded upstream as https://bugzilla.mindrot.org/show_bug.cgi?id=2011).
author: Colin Watson <cjwatson@debian.org> 2012-05-26 01:44:40 +0100
committer: Colin Watson <cjwatson@debian.org> 2012-05-26 01:44:40 +0100
commit: 15784261dfaece73ef53f5beb5d3917a95dc1ae4 (patch)
tree: c39ee6c8ff10efca0e0060d6db07780667832eeb /ssh-sandbox.h
parent: 9fce61538243d8d04d6cf174e118df6c4ece351d (diff)
1 files changed, 20 insertions, 5 deletions
diff --git a/ssh-sandbox.h b/ssh-sandbox.h
index dfecd5aa0..7ee4460d8 100644
--- a/ssh-sandbox.h
+++ b/ssh-sandbox.h
@@ -15,9 +15,24 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
-struct ssh_sandbox;
+typedef struct Sandbox Sandbox;
-struct ssh_sandbox *ssh_sandbox_init(void);
+struct Sandbox {
-void ssh_sandbox_child(struct ssh_sandbox *);
+        const char      *name;
-void ssh_sandbox_parent_finish(struct ssh_sandbox *);
+        int             (*probe)(void);
-void ssh_sandbox_parent_preauth(struct ssh_sandbox *, pid_t);
+        void            *(*init)(void);
+        void            (*child)(void *);
+        void            (*parent_finish)(void *);
+        void            (*parent_preauth)(void *, pid_t);
+};
+void *ssh_sandbox_init(void);
+void ssh_sandbox_child(void *);
+void ssh_sandbox_parent_finish(void *);
+void ssh_sandbox_parent_preauth(void *, pid_t);
+extern Sandbox ssh_sandbox_systrace;
+extern Sandbox ssh_sandbox_darwin;
+extern Sandbox ssh_sandbox_seccomp_filter;
+extern Sandbox ssh_sandbox_rlimit;
+extern Sandbox ssh_sandbox_null;
author	Colin Watson <cjwatson@debian.org>	2012-05-26 01:44:40 +0100
committer	Colin Watson <cjwatson@debian.org>	2012-05-26 01:44:40 +0100
commit	15784261dfaece73ef53f5beb5d3917a95dc1ae4 (patch)
tree	c39ee6c8ff10efca0e0060d6db07780667832eeb /ssh-sandbox.h
parent	9fce61538243d8d04d6cf174e118df6c4ece351d (diff)

diff --git a/ssh-sandbox.h b/ssh-sandbox.h index dfecd5aa0..7ee4460d8 100644 --- a/ssh-sandbox.h +++ b/ssh-sandbox.h
@@ -15,9 +15,24 @@
15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	*/	16	*/
17		17
18	struct ssh_sandbox;	18	typedef struct Sandbox Sandbox;
19		19
20	struct ssh_sandbox *ssh_sandbox_init(void);	20	struct Sandbox {
21	void ssh_sandbox_child(struct ssh_sandbox *);	21	const char *name;
22	void ssh_sandbox_parent_finish(struct ssh_sandbox *);	22	int (*probe)(void);
23	void ssh_sandbox_parent_preauth(struct ssh_sandbox *, pid_t);	23	void (init)(void);
		24	void (child)(void );
		25	void (parent_finish)(void );
		26	void (parent_preauth)(void , pid_t);
		27	};
		28
		29	void *ssh_sandbox_init(void);
		30	void ssh_sandbox_child(void *);
		31	void ssh_sandbox_parent_finish(void *);
		32	void ssh_sandbox_parent_preauth(void *, pid_t);
		33
		34	extern Sandbox ssh_sandbox_systrace;
		35	extern Sandbox ssh_sandbox_darwin;
		36	extern Sandbox ssh_sandbox_seccomp_filter;
		37	extern Sandbox ssh_sandbox_rlimit;
		38	extern Sandbox ssh_sandbox_null;