-
Notifications
You must be signed in to change notification settings - Fork 41
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add linux support #4
Closed
Closed
Changes from 5 commits
Commits
Show all changes
201 commits
Select commit
Hold shift + click to select a range
861d30f
Add configure script
Duncaen a424761
Sync doas.c
Duncaen e0dd9ee
Actually open pam sessions
Duncaen 2d34633
Add more compatibility functions for linux support
Duncaen 8558e5d
Testing only seccomp pledge
Duncaen 673f187
Fix typos and configure pledge detection
Duncaen 5af624a
Enable style option only if bsd_auth.h is available
Duncaen 33e3630
Add proper pam session handling
Duncaen e246f9e
configure: tune up a little bit
c387f2c
set PAM_USER, PAM_RUSER and PAM_TTY if available
Duncaen 09843fc
Simply install and move version to configure script
Duncaen 9972a8e
Fix horrible mistake
Duncaen ba41f89
fix make install
e18b632
Merge pull request #4 from frgm/master
Duncaen eb33da1
More configure and make cleanup
Duncaen cbae406
Make pam session handling more failsafe
Duncaen 1200408
Add doas style prompt for pam authentication
Duncaen 82fa799
bsd.prog.mk: add "uninstall" target
0f13894
fix configure script
c05b37b
Merge pull request #7 from frgm/master
Duncaen e60457f
remove nonstandard sys/cdefs.h
Duncaen e4bf599
check return value of setresuid
Duncaen a55cefe
remove version.h and define VERSION in configure script
Duncaen 7f11114
sync with upstream (setenv)
Duncaen e939687
fix ld and cflags
Duncaen 5c50281
add more restrictive permissions and root:root as owner for binary
Duncaen 63a642e
bump version to 0.2
Duncaen 21c6e42
Revert "sync with upstream (setenv)"
Duncaen 4f7ed38
open pam sessions with right user and remove setusercontext shim
Duncaen f577047
remove pledge seccomp shim
Duncaen 2a5702a
specify that default is deny if no rule matches
268a284
clarify some wording
9278ac5
don't use specified twice in a sentence, noticed by jmc
1a0ed98
the environment handling code was showing its age. just because envir…
a3ceebb
Move the RB_ code from doas.h to env.c, and limit the environment int…
03b3cb7
import sys-tree.h from openssh-portable
Duncaen 0473a9b
rename doas_pam.c to pam.c
Duncaen f4a7d36
some more cleanup and refactoring of pam code
Duncaen 788dd4b
fix err messages
Duncaen e88a009
add --without-pam configure option to allow passwd/shadow auth
Duncaen 3f6bcba
bump version 0.3
Duncaen e0c0b37
remove unnecessary warning output
Duncaen 1606730
remove pam_timestamp from pam config
Duncaen f30e68c
bump version 0.3.1
Duncaen aedbe76
fix sys/tree.h test
Duncaen c05e559
fix pamcleanup
Duncaen 45d57da
fix --with(out)-pam configure option
Duncaen c88a56c
bump to version v0.3.2
Duncaen 154b849
configure: fix usage() formatting
7c37e22
fix make install
33a5cf1
Merge pull request #8 from frgm/master
Duncaen 555da71
move a space to the correct spot
5e9d768
revise environment handling. Add a setenv keyword for manipulating th…
3460a3c
somehow nopass snuck onto the :wheel example. i think it's better wit…
7bdae50
minor tweaks; ok tedu
03b7619
minor tweaks
Duncaen 6ed45e5
use posix correct optstring
Duncaen 6ec218c
add "recvfd" to doas(1) for use with skey.
24c9841
The string with path to shell could be taken directly from struct pas…
b3a6a29
configure: error out if no authentication found and fix default CC
Duncaen 3611050
minor configure tweaks
Duncaen fc4df78
Print -a flag in usage() only if HAVE_BSD_AUTH_H
phikal 01a8fd6
Add closefrom(2) from openssh-portable
Duncaen 5a7014d
bump version to v6.0
Duncaen 33d4bf7
move the authentication code to a function
3d4da2d
unconst these parameters; i won't be changing bsd auth today.
27235dd
add support for the verified auth ioctls using 'persist' rules. ok de…
f9b39a6
clarify that -L will exit without running a command.
30bd833
the sudo timeout was 5 minutes i believe, so we'll match that.
f5f27a8
don't allow combining nopass and persist in a single rule
380865b
-L means no command
b7e6671
use static in the right places to seperate modules better ok tedu
be66392
as a result of the env rework, arraylen() is only used in parse.y. mo…
a6f4fdf
move yyparse decl next to yyfp
25cd404
Add back the call to yyparse() that was accidentally dropped in the p…
293637b
missing semicolon at end of rule. yacc doesn't seem to mind, though. …
8150cd4
Be more explicit about the "args" syntax. In part from a patch from A…
75ec7b4
it has been six months and two days... remove keepenv { obsolete } sy…
ed8c643
envlist and arglist are both string lists; simplify ok benno
97d12a5
add a geteuid check to make sure we're root before plowing into setau…
998d490
simplify example. list of ports variables was non-exahustive, which m…
7413704
prepenv can take a const rule
f0fa08c
a little const here and there to prevent rules from changing
d8c2180
for password failure, print Authorization failed instead of EPERM. wi…
6d25808
no need to generate y.tab.h if nothing uses it, set YFLAGS to nothing…
1aa26de
man pages with pseudo synopses which list filenames end up creating v…
d823683
configure: fix usage
Duncaen 4dc52eb
configure: update version
Duncaen 1899c37
add initial timestamp file support, disabled by default and only with…
Duncaen ec70ae5
persist_timestamp: use /proc/self/stat to get tty_nr
Duncaen 7c364fd
persist_timestamp: cleanup
Duncaen ef627e6
persist_timestamp: don't allow og+rwx permission for timestamp directory
Duncaen 492b5e3
persist_timestamp: use CLOCK_MONOTONIC_RAW
Duncaen c745626
persist_timestamp: make tmpfs requirement optional and only available…
Duncaen 619c319
persist_timestamp: add session id to timestamps
Duncaen 7694068
persist_timestamp: use open directory fd to check and work with times…
Duncaen 89c2c8e
persist_timestamp: persist_check was only used internally, make it st…
Duncaen 5054c7a
persist_timestamp: remove goto from persist_open
Duncaen 6cf64c2
persist_timestamp: create timestamp file with O_NOFOLLOW and don't le…
Duncaen c04c64a
persist_timestamp: move timespec macros to libopenbsd
Duncaen 3018a66
persist_timestamp: add start time and document implementation details
Duncaen 4b1b24b
pam: check watch child pid
Duncaen badba30
not necessarily the same name, but the indicated name
3f3c502
lowercase doas ee cummings style
9d63eb3
doas.c: put login_style in ifdef to compile on Linux
dbac3f3
adjust yyerror() to precede with "progname: " the error message string
gleydsonsoares 6123150
libopenbsd/readpassphrase: update to latest version from openssh-port…
Duncaen 365f922
libopenbsd/closefrom: correctly handle snprintf truncation
Duncaen 77e474f
doas: remove v flag, not neccessary, upstream doesn't have it and __D…
Duncaen 3df7947
doas: remove unnecessary configure checks, move shadow to its own file
Duncaen bf8b7be
libopenbsd: minor cleanup
Duncaen 331dda0
timestamp: rename and simplify
Duncaen ed7fb0a
pam: add timestamp support
Duncaen 39c5d01
Do for most running out of memory err() what was done for most runnin…
37bd661
clear the password even after a mismatch
a283d2f
shadow: clear the password even after a mismatch
Duncaen 8872767
configure: list --with-timestamp in help, since without is default
55c5e6b
Add generated file parse.c to .gitignore and 'make clean'
38e072b
shadow: clear phassphrase earlier
Duncaen 8b2a776
pam: close timestamp fd in both both processes
Duncaen fe5ec57
timestamp: error out if fstat and lstat st_ino and st_dev are not the…
Duncaen 8cba47c
libopenbsd/closefrom.c: sync with sudo
Duncaen 346e58e
libopenbsd: remove MacOSX compat functions, its not supported anyways
Duncaen a1d5a98
README.md: update the readme to match the current state
Duncaen 9a9495d
libopenbsd/closefrom.c: remove config.h include
Duncaen dd13658
use getpwuid_r to avoid problems with hidden static storage. ok deraa…
dbc7d06
a few cleanups and simplifications possible now that static pw is gon…
01c658f
redo the environment inheritance to not inherit. it was intended to m…
55adb00
always reset the "su" variables, which is more consistent and predict…
78ab134
mention environment resetting here as well. ok millert
2103dd5
setusercontext resets PATH (which we want). but then it becomes impos…
2da129d
mention that doas(1) resets the umask(2); OK tedu@
025db69
more precisely describe what happens to the environment without keepe…
45b802a
tweak wording a bit. always talk about creating a new environment. al…
3f08ab4
add an example hint that shows how original path can be retained
6d8f0e6
fix some more fallout from setting path in setusercontext. restore pr…
f94cf30
snprintf/vsnprintf return < 0 on error, rather than -1.
ae7c4ba
note that authentication is required, unless otherwise configured. ok…
4356cb6
fix one last edge case regarding PATH, allows simpler config.
3916903
fixup unveil
Duncaen 96d7807
correct some unveil(2) violations due to "login.conf.db" access (the …
3dac6fb
add some checks to avoid UID_MAX (-1) here. this is not problematic w…
ea76157
configure: make {UID,GID}_MAX configurable
Duncaen 9be2d26
timestamp: simplify
Duncaen 74449f0
doas.c: remove dead ifdefs to unclutter code
Duncaen 84ce5c7
configure: remove version
Duncaen 1fae30e
Change binary permissions to 4755. Closes #26
escondida 5dc1cde
libopenbsd: define __dead as noreturn
Duncaen 22370cb
doas.c: initialize mygetpwuid_r result
Duncaen 78c1c0f
timestamp.c: already return on 22th field of /proc/ppid/stat
Duncaen 05f9777
timestamp.c: add some more error/warning messages
Duncaen 5debef0
timestamp.c: correctly NUL terminate buffer read from /proc/pid/stat
Duncaen 31d95b9
timestamp.c: check fstat(2) instead of separate stat(2)
Duncaen 50a47d3
timestamp.c: remove warning for normal case
Duncaen 84ccfe0
Honor --sysconfdir option for doas.conf path.
snimmagadda b1ae418
Fallback definition for HOST_NAME_MAX.
snimmagadda 25b1f36
briefly mention /etc/examples/ in the FILES section of all the manual…
1ae5587
list example files in FILES with a short description: generally, "Exa…
7441dfc
Improve error message on missing permission
1530e7a
Add nolog option to avoid syslog(3)
bfea01b
fix SEE ALSO;
fd03103
check for login_cap.h and use setusercontext if available
Duncaen 46a5abc
move HOST_NAME_MAX to the top and add it to shadow.c
Duncaen 4daae4a
opendoas: Fallback for setresuid(2).
snimmagadda a3264b9
use config.h and link objects instead of libopenbsd.a
Duncaen 22b6897
libopenbsd: clean up readpassphrase compat and fix ifdefs
Duncaen 0a42dd6
remove includes.h and move the prototypes to doas.h
Duncaen b38cfb8
pam.c: remove dead assignment
Duncaen 46db70a
pam.c: free rsp in case of failure
Duncaen 13660d7
set _OPENBSD_SOURCE on NetBSD
Duncaen ea3dfc9
link libutil for setusercontext on NetBSD
Duncaen af676f5
fix portability issues with configure script
Duncaen 9bfe647
configure: define CURDIR for all targets
Duncaen b82ffa6
simplify makefile
Duncaen 5310da9
add back execvpe fallback
Duncaen b324c30
libopenbsd/closefrom.h: include path.h for _PATH_DEV on MacOSX
Duncaen 049eedb
configure: don't set --no-as-needed on MacOSX while running checks
Duncaen 378157c
use wheel group on MacOSX
Duncaen 790aab4
add pam.d file for MacOSX
Duncaen 46d2543
configure: add freebsd support
Duncaen 17629b9
configure: add setresgid, setreuid and setregid checks
Duncaen 29123f7
configure: fix verrc check
Duncaen d67caab
configure: use LDLIBS instead of setting LDFLAGS
Duncaen dc56c2f
pam.d: include system-auth for auth, account and session
Duncaen b3e966b
configure: respect environment and make CFLAGS
Duncaen a1ab056
pam: use PAM_REINITIALIZE_CRED
Duncaen 31abd37
remove unused pam.d file
Duncaen 36cc28e
increment the line number after the line continuation; ok tedu
01ac841
after reading a too long line, restart at the beginning of the buffer so
d5acd52
correctly reset path for rules without specific command
Duncaen 6e3c6ba
Be more explicit by stating that the -n flag is linked to the nopass …
e8e8713
s/authorization/authentication/g
2d7431c
Promote nrules/maxrules to size_t and make sure they can't overflow. …
454489f
espie reminds me that EOF can happen for errors as well, so check for…
24b1a95
apply missing man page changes
Duncaen cfa9f0d
remove pam.d configuration files
Duncaen 9474e41
Replace build/installation instructions with discouragements
Duncaen adeb56b
fixed typo in README.md
qbe 9a25a6d
fix some wording in README.md
Duncaen 6266763
Fix: improve formatting and add Wikipedia reference.
mlavi b96106b
pam: always print pam_conv messages to stderr
Duncaen File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -8,3 +8,5 @@ version.h | |
|
||
*.swp | ||
*.swo | ||
|
||
config.mk |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,300 @@ | ||
#!/bin/sh | ||
|
||
for x; do | ||
opt=${x%%=*} | ||
var=${x#*=} | ||
case "$opt" in | ||
--enable-debug) DEBUG=yes;; | ||
--prefix) PREFIX=$var;; | ||
--exec-prefix) EPREFIX=$var;; | ||
--bindir) BINDIR=$var;; | ||
--mandir) MANDIR=$var;; | ||
--datadir) SHAREDIR=$var;; | ||
--build) BUILD=$var;; | ||
--host) HOST=$var;; | ||
--target) TARGET=$var;; | ||
--includedir) INCLUDEDIR=$var;; | ||
--sysconfdir) SYSCONFDIR=$var;; | ||
--pamdir) PAMDIR=$var;; | ||
--localstatedir) LOCALSTATEDIR=$var;; | ||
--libdir) LIBDIR=$var;; | ||
--datadir|--infodir) ;; # ignore autotools | ||
--verbose) unset SILENT;; | ||
--pkgconfigdir) PKGCONFIGDIR=$var;; | ||
--enable-static) BUILD_STATIC=yes;; | ||
--enable-seccomp) BUILD_SECCOMP=yes;; | ||
--help) usage;; | ||
*) echo "$0: WARNING: unknown option $opt" >&2;; | ||
esac | ||
done | ||
|
||
CONFIG_MK=config.mk | ||
rm -f "$CONFIG_MK" | ||
|
||
cat <<EOF >>$CONFIG_MK | ||
DESTDIR ?= / | ||
PREFIX ?= ${PREFIX:="/usr"} | ||
EPREFIX ?= ${EPREFIX:="${PREFIX}"} | ||
SHAREDIR ?= ${SHAREDIR:="${PREFIX}/share"} | ||
BINDIR ?= ${BINDIR:="${PREFIX}/bin"} | ||
MANDIR ?= ${MANDIR:="${SHAREDIR}/man"} | ||
SYSCONFDIR?= ${SYSCONFDIR:="/etc"} | ||
PAMDIR ?= ${PAMDIR:="${SYSCONFDIR}/pam.d"} | ||
EOF | ||
|
||
if [ -z "$BUILD" ]; then | ||
BUILD="$(uname -m)-unknown-$(uname -s | tr '[:upper:]' '[:lower:]')" | ||
fi | ||
if [ -z "$HOST" ]; then | ||
[ -z "$TARGET" ] && TARGET=$BUILD | ||
HOST=$TARGET | ||
fi | ||
if [ -z "$TARGET" ]; then | ||
[ -z "$HOST" ] && HOST=$BUILD | ||
TARGET=$HOST | ||
fi | ||
|
||
if [ -z "$OS" ]; then | ||
# Derive OS from cpu-manufacturer-os-kernel | ||
CPU=${TARGET%%-*} | ||
REST=${TARGET#*-} | ||
MANU=${REST%%-*} | ||
REST=${REST#*-} | ||
OS=${REST%%-*} | ||
REST=${REST#*-} | ||
KERNEL=${REST%%-*} | ||
fi | ||
|
||
case "$OS" in | ||
linux) | ||
OS_CFLAGS="-D_DEFAULT_SOURCE -D_GNU_SOURCE -DUID_MAX=60000 -DGID_MAX=60000" | ||
printf 'CURDIR := .\n' >>$CONFIG_MK | ||
printf 'PAM_DOAS = pam.d__doas__linux\n' >>$CONFIG_MK | ||
;; | ||
esac | ||
|
||
[ -n "$OS_CFLAGS" ] && \ | ||
printf 'CFLAGS += %s\n' "$OS_CFLAGS" >>$CONFIG_MK | ||
|
||
# Add CPPFLAGS/CFLAGS/LDFLAGS to CC for testing features | ||
XCC="${CC:=clang} $CFLAGS $OS_CFLAGS $CPPFLAGS $LDFLAGS" | ||
# Make sure to disable --as-needed for CC tests. | ||
XCC="$XCC -Wl,--no-as-needed" | ||
|
||
check_func() { | ||
func="$1"; src="$2"; shift 2 | ||
printf 'Checking for %-14s\t\t' "$func ..." | ||
printf '%s\n' "$src" >"_$func.c" | ||
if $XCC "_$func.c" -o "_$func" 2>/dev/null; then | ||
printf 'yes.\n' | ||
upperfunc="$(printf '%s\n' "$func" | tr '[[:lower:]]' '[[:upper:]]')" | ||
printf 'CFLAGS += -DHAVE_%s\n' "$upperfunc" >>$CONFIG_MK | ||
else | ||
printf 'no.\n' | ||
fi | ||
rm -f "_$func.c" "_$func" | ||
} | ||
|
||
src=' | ||
#include <string.h> | ||
int main(void) { | ||
explicit_bzero(NULL, 0); | ||
return 0; | ||
}' | ||
check_func "explicit_bzero" "$src" || { | ||
printf 'OPENBSD += explicit_bzero.c\n' >>$CONFIG_MK | ||
} | ||
|
||
|
||
# | ||
# Check for strlcat(). | ||
# | ||
src=' | ||
#include <string.h> | ||
int main(void) { | ||
const char s1[] = "foo"; | ||
char s2[10]; | ||
strlccat(s2, s1, sizeof(s2)); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
|
||
return 0; | ||
}' | ||
check_func "strlcat" "$src" || { | ||
printf 'OPENBSD += strlcat.c\n' >>$CONFIG_MK | ||
} | ||
|
||
# | ||
# Check for strlcpy(). | ||
# | ||
src=' | ||
#include <string.h> | ||
int main(void) { | ||
const char s1[] = "foo"; | ||
char s2[10]; | ||
strlcpy(s2, s1, sizeof(s2)); | ||
return 0; | ||
}' | ||
check_func "strlcpy" "$src" || { | ||
printf 'OPENBSD += strlcpy.c\n' >>$CONFIG_MK | ||
} | ||
|
||
# | ||
# Check for errc(). | ||
# | ||
src=' | ||
#include <err.h> | ||
int main(void) { | ||
errc(0, 0, ""); | ||
return 0; | ||
}' | ||
check_func "errc" "$src" || { | ||
printf 'OPENBSD += errc.c\n' >>$CONFIG_MK | ||
} | ||
|
||
# | ||
# Check for verrc(). | ||
# | ||
src=' | ||
#include <err.h> | ||
int main(void) { | ||
verrc(0, 0, ""); | ||
return 0; | ||
}' | ||
check_func "verrc" "$src" || { | ||
printf 'OPENBSD += verrc.c\n' >>$CONFIG_MK | ||
} | ||
|
||
# | ||
# Check for setprogname(). | ||
# | ||
src=' | ||
#include <stdlib.h> | ||
int main(void) { | ||
setprogname(""); | ||
return 0; | ||
}' | ||
check_func "setprogname" "$src" || { | ||
printf 'OPENBSD += progname.c\n' >>$CONFIG_MK | ||
} | ||
|
||
# | ||
# Check for readpassphrase(). | ||
# | ||
src=' | ||
#include <readpassphrase.h> | ||
int main(void) { | ||
char buf[12]; | ||
readpassphrase("", buf, sizeof(buf), 0); | ||
return 0; | ||
}' | ||
check_func "readpassphrase" "$src" || { | ||
printf 'OPENBSD += readpassphrase.c\n' >>$CONFIG_MK | ||
} | ||
|
||
# | ||
# Check for strtonum(). | ||
# | ||
src=' | ||
#include <stdlib.h> | ||
int main(void) { | ||
const char *errstr; | ||
strtonum("", 1, 64, &errstr); | ||
return 0; | ||
}' | ||
check_func "strtonum" "$src" || { | ||
printf 'OPENBSD += strtonum.c\n' >>$CONFIG_MK | ||
} | ||
|
||
# | ||
# Check for reallocarray(). | ||
# | ||
src=' | ||
#include <stdlib.h> | ||
int main(void) { | ||
reallocarray(NULL, 0, 0); | ||
return 0; | ||
}' | ||
check_func "reallocarray" "$src" || { | ||
printf 'OPENBSD += reallocarray.c\n' >>$CONFIG_MK | ||
} | ||
|
||
# | ||
# Check for bsd_auth.h. | ||
# | ||
src=' | ||
#include <bsd_auth.h> | ||
int main(void) { | ||
return 0; | ||
}' | ||
check_func "bsd_auth_h" "$src" || { | ||
printf 'OPENBSD += auth_userokay.c\n' >>$CONFIG_MK | ||
} | ||
|
||
# | ||
# Check for login_cap.h. | ||
# | ||
src=' | ||
#include <login_cap.h> | ||
int main(void) { | ||
return 0; | ||
}' | ||
check_func "login_cap_h" "$src" || { | ||
printf 'OPENBSD += setusercontext.c\n' >>$CONFIG_MK | ||
} | ||
|
||
# | ||
# Check for execvpe(). | ||
# | ||
src=' | ||
#include <unistd.h> | ||
int main(void) { | ||
const char *p = { "", NULL }; | ||
execvpe("", p, p); | ||
return 0; | ||
}' | ||
check_func "execvpe" "$src" || { | ||
printf 'OPENBSD += execvpe.c\n' >>$CONFIG_MK | ||
} | ||
|
||
# | ||
# Check for setresuid(). | ||
# | ||
src=' | ||
#include <unistd.h> | ||
int main(void) { | ||
setresuid(0, 0, 0); | ||
return 0; | ||
}' | ||
check_func "setresuid" "$src" || { | ||
printf 'OPENBSD += setresuid.c\n' >>$CONFIG_MK | ||
} | ||
|
||
# | ||
# Check for pledge(). | ||
# | ||
src=' | ||
#include <unistd.h> | ||
int main(void) { | ||
pledge("", NULL); | ||
return 0; | ||
}' | ||
check_func "pledge" "$src" && { | ||
have_pledge=1 | ||
} | ||
|
||
# | ||
# Check for seccomp.h | ||
# | ||
src=' | ||
#include <linux/seccomp.h> | ||
#include <sys/prctl.h> | ||
#include <unistd.h> | ||
int main(void) { | ||
prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL); | ||
return 0; | ||
}' | ||
if [ -n "$have_pledge" -a -n "$BUILD_SECCOMP" ]; then | ||
check_func "seccomp_h" "$src" && { | ||
printf 'OPENBSD += pledge-seccomp.c\n' >>$CONFIG_MK | ||
} | ||
elif [ -n "$have_pledge" ]; then | ||
printf 'OPENBSD += pledge-noop.c\n' >>$CONFIG_MK | ||
fi |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
DESTRDIR
?