Fix configure check for seccomp filter on Linux
authorTodd C. Miller <Todd.Miller@courtesan.com>
Sun, 9 Oct 2016 17:24:29 +0000 (11:24 -0600)
committerTodd C. Miller <Todd.Miller@courtesan.com>
Sun, 9 Oct 2016 17:24:29 +0000 (11:24 -0600)
config.h.in
configure
configure.ac
src/sudo_noexec.c

index 1e7858fa7b15da15d0ef5077cb235effb825e607..6586fb74eee8600aec2dab15b596cb32a1834baf 100644 (file)
    don't. */
 #undef HAVE_DECL_QUAD_MIN
 
+/* Define to 1 if you have the declaration of `SECCOMP_SET_MODE_FILTER', and
+   to 0 if you don't. */
+#undef HAVE_DECL_SECCOMP_SET_MODE_FILTER
+
 /* Define to 1 if you have the declaration of `setauthdb', and to 0 if you
    don't. */
 #undef HAVE_DECL_SETAUTHDB
 /* Define to 1 if you have the `posix_spawnp' function. */
 #undef HAVE_POSIX_SPAWNP
 
-/* Define to 1 if you have the `prctl' function. */
-#undef HAVE_PRCTL
-
 /* Define to 1 if you have the `pread' function. */
 #undef HAVE_PREAD
 
index d5469296697282ecb74d386e44250371c06c276c..27da3909542ca4b021727fea03bb26a679ce56e6 100755 (executable)
--- a/configure
+++ b/configure
     *-*-linux*|*-*-k*bsd*-gnu)
                shadow_funcs="getspnam"
                test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
-               # Check for linux/filter.h and prctl to use seccomp(2)
-               ac_fn_c_check_header_mongrel "$LINENO" "linux/filter.h" "ac_cv_header_linux_filter_h" "$ac_includes_default"
-if test "x$ac_cv_header_linux_filter_h" = xyes; then :
-  for ac_func in prctl
-do :
-  ac_fn_c_check_func "$LINENO" "prctl" "ac_cv_func_prctl"
-if test "x$ac_cv_func_prctl" = xyes; then :
-  cat >>confdefs.h <<_ACEOF
-#define HAVE_PRCTL 1
-_ACEOF
-
-fi
-done
+               # Check for SECCOMP_SET_MODE_FILTER in linux/seccomp.h
+               ac_fn_c_check_decl "$LINENO" "SECCOMP_SET_MODE_FILTER" "ac_cv_have_decl_SECCOMP_SET_MODE_FILTER" "
+#include <sys/types.h>
+#include <sys/prctl.h>
+#include <asm/unistd.h>
+#include <linux/seccomp.h>
+#include <linux/filter.h>
 
+"
+if test "x$ac_cv_have_decl_SECCOMP_SET_MODE_FILTER" = xyes; then :
+  ac_have_decl=1
+else
+  ac_have_decl=0
 fi
 
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_SECCOMP_SET_MODE_FILTER $ac_have_decl
+_ACEOF
 
                ;;
     *-*-gnu*)
index 64a3fc0805d4a819dc8834076f447c7fad7b020d..45c76cf9036d49eee3b4919e61635b6d4a7928bf 100644 (file)
@@ -1962,8 +1962,14 @@ case "$host" in
     *-*-linux*|*-*-k*bsd*-gnu)
                shadow_funcs="getspnam"
                test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
-               # Check for linux/filter.h and prctl to use seccomp(2)
-               AC_CHECK_HEADER([linux/filter.h], [AC_CHECK_FUNCS([prctl])])
+               # Check for SECCOMP_SET_MODE_FILTER in linux/seccomp.h
+               AC_CHECK_DECLS([SECCOMP_SET_MODE_FILTER], [], [], [
+#include <sys/types.h>
+#include <sys/prctl.h>
+#include <asm/unistd.h>
+#include <linux/seccomp.h>
+#include <linux/filter.h>
+               ])
                ;;
     *-*-gnu*)
                # lockf() is broken on the Hurd
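Review bot: The symbol tested by `AC_CHECK_DECLS([SECCOMP_SET_MODE_FILTER], ...)` is not the one the code relies on: noexec_ctor in src/sudo_noexec.c installs the filter with `prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &exec_fprog)`, whereas SECCOMP_SET_MODE_FILTER is the operation constant for the seccomp(2) system call and, as far as I know, reached the kernel headers later than SECCOMP_MODE_FILTER. On a build host whose headers have the prctl mode but not the newer constant, the two `#if defined(HAVE_DECL_SECCOMP_SET_MODE_FILTER) && HAVE_DECL_SECCOMP_SET_MODE_FILTER` guards in sudo_noexec.c compile the filter out, leaving noexec with the interposed stubs alone and nothing in the configure output to flag it. Checking the constant actually used would avoid that: `AC_CHECK_DECLS([SECCOMP_MODE_FILTER], [], [], [` with the same include list, and the comment and the guards renamed to match.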
index b2c3c382998c2368d958aaedd400fac7b760270a..c2ddfa9b1fc0efb6dfa997f41ce6f0ed31103e3b 100644 (file)
 
 #include <sys/types.h>
 
-#if defined(__linux__) && defined(HAVE_PRCTL)
+#if defined(HAVE_DECL_SECCOMP_SET_MODE_FILTER) && HAVE_DECL_SECCOMP_SET_MODE_FILTER
 # include <sys/prctl.h>
 # include <asm/unistd.h>
-# include <linux/audit.h>
 # include <linux/filter.h>
 # include <linux/seccomp.h>
 #endif
@@ -216,7 +215,7 @@ INTERPOSE(wordexp)
 /*
  * On Linux we can use a seccomp() filter to disable exec.
  */
-#if defined(__linux) && defined(HAVE_PRCTL)
+#if defined(HAVE_DECL_SECCOMP_SET_MODE_FILTER) && HAVE_DECL_SECCOMP_SET_MODE_FILTER
 
 /* Older systems may not support execveat(2). */
 #ifndef __NR_execveat
@@ -251,4 +250,4 @@ noexec_ctor(void)
     if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == 0)
        (void)prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &exec_fprog);
 }
-#endif /* __linux__ && HAVE_PRCTL */
+#endif /* HAVE_DECL_SECCOMP_SET_MODE_FILTER */
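Review bot: The constructor whose tail is visible in the last hunk fails open without saying so: if `prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)` fails the filter is never installed, and the result of `prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &exec_fprog)` is discarded with `(void)`. Now that the block is compiled only where configure found the declaration in the headers, a runtime refusal by the kernel is the remaining failure case. It deserves a comment before the first prctl call, such as `/* Best effort: if the kernel rejects the filter, only the interposed exec stubs above remain in effect. */`. noexec_ctor starts outside the hunk, so whether an error path already exists earlier in the function cannot be seen here.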