search for: sandbox_systrace

...so I'd be happy to try to put together a patch for this, given a bit of direction. Would you prefer a simple approach that just explicitly hands off from seccomp_filter to rlimit until something more complex is needed, or would you prefer something like: struct Sandbox *sandboxes = { #ifdef SANDBOX_SYSTRACE sandbox_systrace, #endif ... sandbox_null } and then something that iterates over all the compiled-in sandboxes and picks the first one whose init succeeds? -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- Y...

...nfly*) SSHDLIBS="$SSHDLIBS -lcrypt" @@ -2487,6 +2489,11 @@ if test "x$sandbox_arg" = "xsystrace" || ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then SANDBOX_STYLE="systrace" AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) +elif test "x$sandbox_arg" = "xdarwin" || \ + ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ + test "x$ac_cv_header_sandbox_h" = "xyes") ;...

...ot;" + else + sandbox_arg="$withval" + fi + ] +) +if test "x$sandbox_arg" = "xsystrace" || \ + ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then + SANDBOX_STYLE="systrace" + AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) +elif test "x$sandbox_arg" = "xrlimit" || \ + ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then + SANDBOX_STYLE="rlimit" + AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox...