diff options
| -rw-r--r-- | configure.ac | 10 | ||||
| -rw-r--r-- | sandbox-capsicum.c | 7 |
2 files changed, 16 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac index c285ea32..f25a638e 100644 --- a/configure.ac +++ b/configure.ac @@ -504,12 +504,20 @@ AC_CHECK_HEADERS([sys/audit.h], [], [], [ ]) # sys/capsicum.h requires sys/types.h -AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ +AC_CHECK_HEADERS([sys/capsicum.h capsicum_helpers.h], [], [], [ #ifdef HAVE_SYS_TYPES_H # include <sys/types.h> #endif ]) +AC_MSG_CHECKING([for caph_cache_tzdata]) +AC_LINK_IFELSE( + [AC_LANG_PROGRAM([[ #include <capsicum_helpers.h> ]], + [[caph_cache_tzdata();]])], + [ AC_MSG_RESULT([yes]) ], + [ AC_MSG_RESULT([no]) ] +) + # net/route.h requires sys/socket.h and sys/types.h. # sys/sysctl.h also requires sys/param.h AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ diff --git a/sandbox-capsicum.c b/sandbox-capsicum.c index 883be185..11045251 100644 --- a/sandbox-capsicum.c +++ b/sandbox-capsicum.c @@ -29,6 +29,9 @@ #include <stdlib.h> #include <string.h> #include <unistd.h> +#ifdef HAVE_CAPSICUM_HELPERS_H +#include <capsicum_helpers.h> +#endif #include "log.h" #include "monitor.h" @@ -69,6 +72,10 @@ ssh_sandbox_child(struct ssh_sandbox *box) struct rlimit rl_zero; cap_rights_t rights; +#ifdef HAVE_CAPH_CACHE_TZDATA + caph_cache_tzdata(); +#endif + rl_zero.rlim_cur = rl_zero.rlim_max = 0; if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1) |