FreeBSD capsicum / timezones
Ed Maste
emaste at freebsd.org
Mon Apr 18 08:00:11 AEST 2022
Part of FreeBSD commit r339216 / fc3c19a9fceeea48a9259ac3833a125804342c0e
* Cache timezone data via caph_cache_tzdata() as we cannot access the
timezone file.
caph_cache_tzdata exists in all supported FreeBSD versions (12.0+, and
11.2 and later), although I suspect there is a desire to build OpenSSH
on older versions as well. This could be addressed with an autoconf
check for the existence of capsicum_helpers.h -- I'll create a patch
for that, if desired.
diff --git a/crypto/openssh/sandbox-capsicum.c
b/crypto/openssh/sandbox-capsicum.c
index 5f41d526292b..f728abd18250 100644
--- a/crypto/openssh/sandbox-capsicum.c
+++ b/crypto/openssh/sandbox-capsicum.c
@@ -31,6 +31,7 @@ __RCSID("$FreeBSD$");
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <capsicum_helpers.h>
#include "log.h"
#include "monitor.h"
@@ -71,6 +72,8 @@ ssh_sandbox_child(struct ssh_sandbox *box)
struct rlimit rl_zero;
cap_rights_t rights;
+ caph_cache_tzdata();
+
rl_zero.rlim_cur = rl_zero.rlim_max = 0;
if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
More information about the openssh-unix-dev
mailing list