diff options
| author | Damien Miller <djm@mindrot.org> | 2014-01-25 13:12:28 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2014-01-25 13:12:28 +1100 |
| commit | c96d85376d779b6ac61525b5440010d344d2f23f (patch) | |
| tree | 31ada9d348dd087092cb4c4d947a61dadae5a3bd | |
| parent | f62ecef9939cb3dbeb10602fd705d4db3976d822 (diff) | |
- (djm) [configure.ac] Do not attempt to use capsicum sandbox unless
sys/capability.h exists and cap_rights_limit is in libc. Fixes
build on FreeBSD9x which provides the header but not the libc
support.
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | configure.ac | 18 |
2 files changed, 14 insertions, 8 deletions
@@ -1,5 +1,9 @@ 20130125 - (djm) [configure.ac] Fix detection of capsicum sandbox on FreeBSD + - (djm) [configure.ac] Do not attempt to use capsicum sandbox unless + sys/capability.h exists and cap_rights_limit is in libc. Fixes + build on FreeBSD9x which provides the header but not the libc + support. 20130124 - (djm) [Makefile.in regress/scp-ssh-wrapper.sh regress/scp.sh] Make diff --git a/configure.ac b/configure.ac index 00ca0fb5..6bf30e82 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.560 2014/01/25 01:34:39 djm Exp $ +# $Id: configure.ac,v 1.561 2014/01/25 02:12:29 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) -AC_REVISION($Revision: 1.560 $) +AC_REVISION($Revision: 1.561 $) AC_CONFIG_SRCDIR([ssh.c]) AC_LANG([C]) @@ -120,9 +120,6 @@ AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ #include <sys/types.h> #include <linux/prctl.h> ]) -AC_CHECK_DECL([cap_enter], [have_cap_enter=1], , [ - #include <sys/capability.h> -]) use_stack_protector=1 use_toolchain_hardening=1 @@ -367,6 +364,7 @@ AC_CHECK_HEADERS([ \ sys/audit.h \ sys/bitypes.h \ sys/bsdtty.h \ + sys/capability.h \ sys/cdefs.h \ sys/dir.h \ sys/mman.h \ @@ -1637,6 +1635,7 @@ AC_CHECK_FUNCS([ \ bcrypt_pbkdf \ bindresvport_sa \ blf_enc \ + cap_rights_limit \ clock \ closefrom \ dirfd \ @@ -3034,9 +3033,12 @@ elif test "x$sandbox_arg" = "xseccomp_filter" || \ AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) elif test "x$sandbox_arg" = "xcapsicum" || \ ( test -z "$sandbox_arg" && \ - test "x$have_cap_enter" = "x1") ; then - test "x$have_cap_enter" != "x1" && \ - AC_MSG_ERROR([capsicum sandbox requires cap_enter function]) + test "x$ac_cv_header_sys_capability_h" = "x1" && \ + test "x$ac_cv_func_cap_rights_limit" = "x1") ; then + test "x$ac_cv_header_sys_capability_h" != "x1" && \ + AC_MSG_ERROR([capsicum sandbox requires sys/capability.h header]) + test "x$ac_cv_func_cap_rights_limit" != "x1" && \ + AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) SANDBOX_STYLE="capsicum" AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) elif test "x$sandbox_arg" = "xrlimit" || \ |