diff options
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/configure.ac b/configure.ac index abd912f5a..f14e177fc 100644 --- a/configure.ac +++ b/configure.ac | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $Id: configure.ac,v 1.549 2014/01/17 04:12:16 dtucker Exp $ | 1 | # $Id: configure.ac,v 1.550 2014/01/17 05:47:04 djm Exp $ |
| 2 | # | 2 | # |
| 3 | # Copyright (c) 1999-2004 Damien Miller | 3 | # Copyright (c) 1999-2004 Damien Miller |
| 4 | # | 4 | # |
| @@ -15,7 +15,7 @@ | |||
| 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| 16 | 16 | ||
| 17 | AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) | 17 | AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) |
| 18 | AC_REVISION($Revision: 1.549 $) | 18 | AC_REVISION($Revision: 1.550 $) |
| 19 | AC_CONFIG_SRCDIR([ssh.c]) | 19 | AC_CONFIG_SRCDIR([ssh.c]) |
| 20 | AC_LANG([C]) | 20 | AC_LANG([C]) |
| 21 | 21 | ||
| @@ -120,6 +120,10 @@ AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ | |||
| 120 | #include <sys/types.h> | 120 | #include <sys/types.h> |
| 121 | #include <linux/prctl.h> | 121 | #include <linux/prctl.h> |
| 122 | ]) | 122 | ]) |
| 123 | AC_CHECK_DECL([cap_enter], [have_cap_enter=1], , [ | ||
| 124 | #include <sys/capability.h> | ||
| 125 | ]) | ||
| 126 | |||
| 123 | use_stack_protector=1 | 127 | use_stack_protector=1 |
| 124 | use_toolchain_hardening=1 | 128 | use_toolchain_hardening=1 |
| 125 | AC_ARG_WITH([stackprotect], | 129 | AC_ARG_WITH([stackprotect], |
| @@ -2835,7 +2839,7 @@ fi | |||
| 2835 | # Decide which sandbox style to use | 2839 | # Decide which sandbox style to use |
| 2836 | sandbox_arg="" | 2840 | sandbox_arg="" |
| 2837 | AC_ARG_WITH([sandbox], | 2841 | AC_ARG_WITH([sandbox], |
| 2838 | [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter)], | 2842 | [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter, capsicum)], |
| 2839 | [ | 2843 | [ |
| 2840 | if test "x$withval" = "xyes" ; then | 2844 | if test "x$withval" = "xyes" ; then |
| 2841 | sandbox_arg="" | 2845 | sandbox_arg="" |
| @@ -2974,6 +2978,13 @@ elif test "x$sandbox_arg" = "xrlimit" || \ | |||
| 2974 | AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) | 2978 | AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) |
| 2975 | SANDBOX_STYLE="rlimit" | 2979 | SANDBOX_STYLE="rlimit" |
| 2976 | AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) | 2980 | AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) |
| 2981 | elif test "x$sandbox_arg" = "xcapsicum" || \ | ||
| 2982 | ( test -z "$sandbox_arg" && \ | ||
| 2983 | test "x$have_cap_enter" = "x1") ; then | ||
| 2984 | test "x$have_cap_enter" != "x1" && \ | ||
| 2985 | AC_MSG_ERROR([capsicum sandbox requires cap_enter function]) | ||
| 2986 | SANDBOX_STYLE="capsicum" | ||
| 2987 | AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) | ||
| 2977 | elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ | 2988 | elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ |
| 2978 | test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then | 2989 | test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then |
| 2979 | SANDBOX_STYLE="none" | 2990 | SANDBOX_STYLE="none" |