author | Lasse Collin <lasse.collin@tukaani.org> | 2015-03-31 22:19:34 +0300 |
---|---|---|
committer | Lasse Collin <lasse.collin@tukaani.org> | 2015-03-31 22:19:34 +0300 |
commit | 1238381143a9a7ce84839c2582ccd56ff750a440 (patch) | |
tree | 83f309268f623840648babfdf2e64a7f5cce5167 /configure.ac | |
parent | Fix bugs and otherwise improve ax_check_capsicum.m4. (diff) | |
download | xz-1238381143a9a7ce84839c2582ccd56ff750a440.tar.xz |
xz: Add support for sandboxing with Capsicum.
The sandboxing is used conditionally as described in main.c.
This isn't optimal but it was much easier to implement than
a full sandboxing solution and it still covers the most common
use cases where xz is writing to standard output. This should
have practically no effect on performance even with small files
as fork() isn't needed.
C and locale libraries can open files as needed. This has been
fine in the past, but it's a problem with things like Capsicum.
io_sandbox_enter() tries to ensure that various locale-related
files have been loaded before cap_enter() is called, but it's
possible that there are other similar problems which haven't
been seen yet.
Currently Capsicum is available on FreeBSD 10 and later
and there is a port to Linux too.
Thanks to Loganaden Velvindron for help.
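The "warm up the C library, then cap_enter(), then touch only descriptors that already exist" sequence the message describes, as an added example written for this page; it is not xz's io_sandbox_enter() or main.c. It assumes the Capsicum header name used by FreeBSD (<sys/capsicum.h>) and that no other platform provides cap_enter(): on FreeBSD the capability-mode branch runs and is checked, elsewhere sandbox_enter() reports that no sandbox is available and the program continues unsandboxed, mirroring the conditional use the message mentions. The locale-dependent calls it pre-exercises (setlocale, strerror) and the probe path /etc/passwd are illustrative choices, not taken from xz.

```c
#include <errno.h>
#include <fcntl.h>
#include <locale.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Assumption: <sys/capsicum.h> is the Capsicum header on FreeBSD and no
 * other platform has cap_enter(); elsewhere the capability-mode code is
 * compiled out and sandbox_enter() reports "not available". */
#if defined(__FreeBSD__)
#include <sys/capsicum.h>
#define DEMO_HAVE_CAPSICUM 1
#endif

/* Exercise locale-dependent library calls before cap_enter() so that any
 * catalog or locale data they load lazily is opened while open(2) is still
 * permitted. Which calls to warm up is an assumption for this example.
 * Returns 0 on success, -1 on failure. */
int sandbox_prepare(void)
{
    const char *m1;
    const char *m2;

    /* Pick up LANG/LC_* from the environment; on failure we just stay in "C". */
    setlocale(LC_ALL, "");
    /* Resolve a couple of messages now, so a later strerror() is never the
     * first call that tries to open a catalog file inside the sandbox. */
    m1 = strerror(ENOENT);
    m2 = strerror(EACCES);
    if (m1 == NULL || m2 == NULL || m1[0] == '\0' || m2[0] == '\0')
        return -1;
    return 0;
}

/* Enter capability mode. Returns 0 when sandboxed, 1 when Capsicum is not
 * available (caller continues unsandboxed), -1 on an unexpected error. */
int sandbox_enter(void)
{
#ifdef DEMO_HAVE_CAPSICUM
    if (cap_enter() == 0)
        return 0;
    /* ENOSYS: the running kernel was built without capability mode. */
    return errno == ENOSYS ? 1 : -1;
#else
    return 1;
#endif
}

/* Verify the sandbox: opening a path by name must now fail with ECAPMODE,
 * while a pipe created before cap_enter() must still carry data.
 * Returns 1 if both hold, 0 otherwise; only meaningful after sandbox_enter()
 * returned 0. */
int sandbox_probe(int read_fd, int write_fd)
{
#ifdef DEMO_HAVE_CAPSICUM
    char c = 'x';
    int fd = open("/etc/passwd", O_RDONLY); /* any absolute path will do */

    if (fd != -1) {
        close(fd);
        return 0; /* global namespace still reachable: not sandboxed */
    }
    if (errno != ECAPMODE)
        return 0;
    if (write(write_fd, &c, 1) != 1)
        return 0;
    c = 0;
    return read(read_fd, &c, 1) == 1 && c == 'x';
#else
    (void)read_fd;
    (void)write_fd;
    return 0;
#endif
}

/* The whole sequence in the order the commit message describes.
 * Returns 0 if sandboxed and verified, 1 if no sandbox is available on
 * this system, -1 on failure. */
int run_demo(void)
{
    int fds[2];
    int rc;

    if (pipe(fds) == -1 || sandbox_prepare() != 0)
        return -1;
    rc = sandbox_enter();
    if (rc == 0 && !sandbox_probe(fds[0], fds[1]))
        rc = -1;
    close(fds[0]);
    close(fds[1]);
    return rc;
}

int main(void)
{
    int rc = run_demo();

    printf("%s\n", rc == 0 ? "capability mode entered and verified"
                 : rc == 1 ? "Capsicum not available; running unsandboxed"
                           : "sandbox setup failed");
    return rc < 0;
}
```

The point of the probe is the one the message warns about: after cap_enter() the only reachable objects are descriptors the process already holds, so anything the C or locale library would lazily open later (a message catalog, an alternative locale) has to be pulled in by sandbox_prepare() first, and a real program has to guess that list, which is exactly the "other similar problems which haven't been seen yet" caveat.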
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index c8fdb5e4..aa68e33b 100644 --- a/configure.ac +++ b/configure.ac @@ -468,6 +468,30 @@ AC_MSG_RESULT([$enable_symbol_versions]) AM_CONDITIONAL([COND_SYMVERS], [test "x$enable_symbol_versions" = xyes]) +############## +# Sandboxing # +############## + +AC_MSG_CHECKING([if sandboxing should be used]) +AC_ARG_ENABLE([sandbox], [AS_HELP_STRING([--enable-sandbox=METHOD], + [Sandboxing METHOD can be `auto', `no', or `capsicum'. + The default is `auto' which enables sandboxing if + a supported sandboxing method is found.])], + [], [enable_sandbox=auto]) +case $enable_sandbox in + auto) + AC_MSG_RESULT([maybe (autodetect)]) + ;; + no | capsicum) + AC_MSG_RESULT([$enable_sandbox]) + ;; + *) + AC_MSG_RESULT([]) + AC_MSG_ERROR([--enable-sandbox only accepts `auto', `no', or `capsicum'.]) + ;; +esac + + ############################################################################### # Checks for programs. ############################################################################### @@ -698,6 +722,23 @@ AC_CHECK_DECL([_mm_movemask_epi8], #include <immintrin.h> #endif]) +# Check for sandbox support. If one is found, set enable_sandbox=found. +case $enable_sandbox in + auto | capsicum) + AX_CHECK_CAPSICUM([enable_sandbox=found], [:]) + ;; +esac + +# If a specific sandboxing method was explicitly requested and it wasn't +# found, give an error. +case $enable_sandbox in + auto | no | found) + ;; + *) + AC_MSG_ERROR([$enable_sandbox support not found]) + ;; +esac + ############################################################################### # If using GCC, set some additional AM_CFLAGS: |
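Review bot: in the first hunk (the `--enable-sandbox` option around line 468), a bare `--enable-sandbox` with no METHOD makes autoconf set enable_sandbox=yes, which falls into the `*)` branch and aborts with "--enable-sandbox only accepts `auto', `no', or `capsicum'", so the form most users type by habit is rejected. Suggest accepting it as a synonym for the documented default, e.g. `auto | yes)` followed by `enable_sandbox=auto`, or stating in the help text that a METHOD is required; `--disable-sandbox` already works since it yields `no`, and the help text could say so.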
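Review bot: in the second hunk (the detection block around line 722), when enable_sandbox is `auto` and AX_CHECK_CAPSICUM fails, the variable stays `auto` and the final case accepts it silently, so the "maybe (autodetect)" printed earlier is never resolved in configure's output and nothing records that the build ends up unsandboxed. Suggest normalizing after the check, e.g. `auto) enable_sandbox=no ;;` in that case together with an AC_MSG_NOTICE of the final value. Setting enable_sandbox=found also loses which method was found; storing the method name instead (enable_sandbox=capsicum) would keep that summary meaningful if more methods are added later.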