[openssh-commits] [openssh] branch master updated: Remove references to systrace and pledge sandboxes.

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Oct 18 13:39:04 AEDT 2024 

This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

The following commit(s) were added to refs/heads/master by this push:
     new be27770e Remove references to systrace and pledge sandboxes.
be27770e is described below

commit be27770e840c4dd9d9fcad1aa879400c727d7c2f
Author: Darren Tucker <dtucker at dtucker.net>
AuthorDate: Fri Oct 18 13:37:55 2024 +1100

    Remove references to systrace and pledge sandboxes.
    
    ok djm@
---
 configure.ac       | 21 ++-------------------
 sandbox-pledge.c   |  0
 sandbox-systrace.c |  0
 3 files changed, 2 insertions(+), 19 deletions(-)

diff --git a/configure.ac b/configure.ac
index 591d5a38..97e4ee57 100644
--- a/configure.ac
+++ b/configure.ac
@@ -114,11 +114,6 @@ AC_C_INLINE
 
 AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
 AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>])
-AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
-	#include <sys/types.h>
-	#include <sys/param.h>
-	#include <dev/systrace.h>
-])
 AC_CHECK_DECL([RLIMIT_NPROC],
     [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
 	#include <sys/types.h>
@@ -3614,7 +3609,7 @@ AC_CHECK_TYPES([nfds_t], , , [
 # Decide which sandbox style to use
 sandbox_arg=""
 AC_ARG_WITH([sandbox],
-	[  --with-sandbox=style    Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)],
+	[  --with-sandbox=style    Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter)],
 	[
 		if test "x$withval" = "xyes" ; then
 			sandbox_arg=""
@@ -3731,19 +3726,7 @@ if test "x$sandbox_arg" != "xno"; then
     )
 fi
 
-if test "x$sandbox_arg" = "xpledge" || \
-   ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then
-	test "x$ac_cv_func_pledge" != "xyes" && \
-		AC_MSG_ERROR([pledge sandbox requires pledge(2) support])
-	SANDBOX_STYLE="pledge"
-	AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)])
-elif test "x$sandbox_arg" = "xsystrace" || \
-   ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
-	test "x$have_systr_policy_kill" != "x1" && \
-		AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
-	SANDBOX_STYLE="systrace"
-	AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
-elif test "x$sandbox_arg" = "xdarwin" || \
+if test "x$sandbox_arg" = "xdarwin" || \
      ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
        test "x$ac_cv_header_sandbox_h" = "xyes") ; then
 	test "x$ac_cv_func_sandbox_init" != "xyes" -o \
diff --git a/sandbox-pledge.c b/sandbox-pledge.c
deleted file mode 100644
index e69de29b..00000000
diff --git a/sandbox-systrace.c b/sandbox-systrace.c
deleted file mode 100644
index e69de29b..00000000

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list