Displaying 3 results from an estimated 3 matches for "sandbox_systrace".
2012 May 18
6
[Bug 2011] New: sandbox selection needs some kind of fallback mechanism
...so I'd be happy to try to put
together a patch for this, given a bit of direction. Would you prefer
a simple approach that just explicitly hands off from seccomp_filter to
rlimit until something more complex is needed, or would you prefer
something like:
struct Sandbox *sandboxes = {
#ifdef SANDBOX_SYSTRACE
sandbox_systrace,
#endif
...
sandbox_null
}
and then something that iterates over all the compiled-in sandboxes and
picks the first one whose init succeeds?
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
Y...
2011 Jun 23
1
sandbox for OS X
...nfly*)
SSHDLIBS="$SSHDLIBS -lcrypt"
@@ -2487,6 +2489,11 @@ if test "x$sandbox_arg" = "xsystrace" ||
( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
SANDBOX_STYLE="systrace"
AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
+elif test "x$sandbox_arg" = "xdarwin" || \
+ ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
+ test "x$ac_cv_header_sandbox_h" = "xyes") ;...
2011 Jun 22
3
sandbox pre-auth privsep child
...ot;"
+ else
+ sandbox_arg="$withval"
+ fi
+ ]
+)
+if test "x$sandbox_arg" = "xsystrace" || \
+ ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
+ SANDBOX_STYLE="systrace"
+ AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
+elif test "x$sandbox_arg" = "xrlimit" || \
+ ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then
+ SANDBOX_STYLE="rlimit"
+ AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox...