diff options
author | Darren Tucker <dtucker@zip.com.au> | 2013-03-06 17:48:48 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2013-03-06 17:48:48 +1100 |
commit | ff008ded7f9641c03fcbe44aedb51040e04c93e5 (patch) | |
tree | b770bef9fe9648b858ab9905fa76b34d3c52d501 /configure.ac | |
parent | 834a0d6d541faf7d8e8aa8116eaf594746239275 (diff) |
- (dtucker) [configure.ac] test that we can set number of file descriptors
to zero with setrlimit before enabling the rlimit sandbox. This affects
(at least) HPUX 11.11.
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 33 |
1 files changed, 30 insertions, 3 deletions
diff --git a/configure.ac b/configure.ac index bd8b21d6..ccf3373b 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.511 2013/03/05 08:57:39 dtucker Exp $ +# $Id: configure.ac,v 1.512 2013/03/06 06:48:48 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) -AC_REVISION($Revision: 1.511 $) +AC_REVISION($Revision: 1.512 $) AC_CONFIG_SRCDIR([ssh.c]) AC_LANG([C]) @@ -2690,6 +2690,32 @@ AC_RUN_IFELSE( [AC_MSG_WARN([cross compiling: assuming yes])] ) +AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) +AC_RUN_IFELSE( + [AC_LANG_PROGRAM([[ +#include <sys/types.h> +#ifdef HAVE_SYS_TIME_H +# include <sys/time.h> +#endif +#include <sys/resource.h> +#include <errno.h> +#include <stdlib.h> + ]],[[ + struct rlimit rl_zero; + int fd, r; + fd_set fds; + + rl_zero.rlim_cur = rl_zero.rlim_max = 0; + r = setrlimit(RLIMIT_NOFILE, &rl_zero); + exit (r == -1 ? 1 : 0); + ]])], + [AC_MSG_RESULT([yes]) + rlimit_nofile_zero_works=yes], + [AC_MSG_RESULT([no]) + rlimit_nofile_zero_works=no], + [AC_MSG_WARN([cross compiling: assuming yes])] +) + AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) AC_RUN_IFELSE( [AC_LANG_PROGRAM([[ @@ -2744,7 +2770,8 @@ elif test "x$sandbox_arg" = "xseccomp_filter" || \ AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) elif test "x$sandbox_arg" = "xrlimit" || \ ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ - test "x$select_works_with_rlimit" = "xyes" ) ; then + test "x$select_works_with_rlimit" = "xyes" && \ + test "x$rlimit_nofile_zero_works" = "xyes" ) ; then test "x$ac_cv_func_setrlimit" != "xyes" && \ AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) test "x$select_works_with_rlimit" != "xyes" && \ |