[openssh-commits] [openssh] 01/02: Cache timezone data in capsicum sandbox.
git+noreply at mindrot.org
git+noreply at mindrot.org
Sat Apr 23 21:14:20 AEST 2022
This is an automated email from the git hooks/post-receive script.
dtucker pushed a commit to branch master
in repository openssh.
commit 4cc05de568e1c3edd7834ff3bd9d8214eb34861b
Author: Darren Tucker <dtucker at dtucker.net>
Date: Sat Apr 23 20:17:26 2022 +1000
Cache timezone data in capsicum sandbox.
From emaste at freebsd.org, originally part of FreeBSD commit r339216
/ fc3c19a9 with autoconf bits added by me.
---
configure.ac | 10 +++++++++-
sandbox-capsicum.c | 7 +++++++
2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index c285ea32..f25a638e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -504,12 +504,20 @@ AC_CHECK_HEADERS([sys/audit.h], [], [], [
])
# sys/capsicum.h requires sys/types.h
-AC_CHECK_HEADERS([sys/capsicum.h], [], [], [
+AC_CHECK_HEADERS([sys/capsicum.h capsicum_helpers.h], [], [], [
#ifdef HAVE_SYS_TYPES_H
# include <sys/types.h>
#endif
])
+AC_MSG_CHECKING([for caph_cache_tzdata])
+AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM([[ #include <capsicum_helpers.h> ]],
+ [[caph_cache_tzdata();]])],
+ [ AC_MSG_RESULT([yes]) ],
+ [ AC_MSG_RESULT([no]) ]
+)
+
# net/route.h requires sys/socket.h and sys/types.h.
# sys/sysctl.h also requires sys/param.h
AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [
diff --git a/sandbox-capsicum.c b/sandbox-capsicum.c
index 883be185..11045251 100644
--- a/sandbox-capsicum.c
+++ b/sandbox-capsicum.c
@@ -29,6 +29,9 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#ifdef HAVE_CAPSICUM_HELPERS_H
+#include <capsicum_helpers.h>
+#endif
#include "log.h"
#include "monitor.h"
@@ -69,6 +72,10 @@ ssh_sandbox_child(struct ssh_sandbox *box)
struct rlimit rl_zero;
cap_rights_t rights;
+#ifdef HAVE_CAPH_CACHE_TZDATA
+ caph_cache_tzdata();
+#endif
+
rl_zero.rlim_cur = rl_zero.rlim_max = 0;
if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list