commit: 934734de95f58d8ff35e2a8563dd23b25c27721d
parent fbede2b6b63c357db6cbf1978defaff6594615bc
Author: Michael Forney <mforney@mforney.org>
Date: Tue, 16 Oct 2018 21:00:49 -0700
openssh: Fall back to SANDBOX_RLIMIT when SANDBOX_SECCOMP_FILTER is not supported
Diffstat:
3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/pkg/openssh/README.md b/pkg/openssh/README.md
@@ -6,7 +6,7 @@ Generated with
./configure \
--disable-wtmp \
--without-pie \
- CPPFLAGS='-I/src/oasis/out/pkg/zlib' \
+ CPPFLAGS='-I/src/oasis/out/pkg/zlib/include' \
LDFLAGS='-L/src/oasis/out/pkg/libressl -L/src/oasis/out/pkg/openbsd -L/src/oasis/out/pkg/zlib' \
LIBS='-lbsd -lcrypto'
diff --git a/pkg/openssh/config.h b/pkg/openssh/config.h
@@ -552,8 +552,6 @@
/* #undef SANDBOX_DARWIN */
/* #undef SANDBOX_NULL */
/* #undef SANDBOX_PLEDGE */
-/* #undef SANDBOX_RLIMIT */
-#define SANDBOX_SECCOMP_FILTER 1
/* #undef SANDBOX_SKIP_RLIMIT_FSIZE */
/* #undef SANDBOX_SKIP_RLIMIT_NOFILE */
/* #undef SANDBOX_SOLARIS */
diff --git a/pkg/openssh/gen.lua b/pkg/openssh/gen.lua
@@ -1,8 +1,12 @@
local arch = config.target.toolchain:match('[^-]*')
+local archflags = {
+ x86_64='-D SANDBOX_SECCOMP_FILTER=1 -D SECCOMP_AUDIT_ARCH=AUDIT_ARCH_X86_64',
+ aarch64='-D SANDBOX_SECCOMP_FILTER=1 -D SECCOMP_AUDIT_ARCH=AUDIT_ARCH_AARCH64',
+}
cflags{
'-D _XOPEN_SOURCE=600',
'-D _DEFAULT_SOURCE',
- '-D SECCOMP_AUDIT_ARCH=AUDIT_ARCH_'..arch:upper(),
+ archflags[config.target.toolchain:match('[^-]*')] or '-D SANDBOX_RLIMIT=1',
'-I $dir',
'-I $srcdir',
'-I $srcdir/openbsd-compat',
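Review bot: The `or '-D SANDBOX_RLIMIT=1'` fallback in the `cflags` list applies silently to every toolchain prefix missing from `archflags`. A mistyped key or a newly added target therefore builds with the rlimit sandbox, which only restricts resource limits and does no syscall filtering. A comment above the table would make that downgrade visible, e.g. `-- arches absent here get the weaker rlimit sandbox (no syscall filter); add an entry once seccomp is supported`. The lookup also repeats `config.target.toolchain:match('[^-]*')` although `arch` already holds that value on the first line, so `archflags[arch] or '-D SANDBOX_RLIMIT=1',` would be shorter; unless the rest of the file uses `arch`, it is otherwise left unused. The `cflags{` call continues past the end of the hunk.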