commit 75c6959bf28d0e53adad5493df0fba6715e181fa from: Omar Polo date: Sat Jul 03 06:59:33 2021 UTC configure: add --disable-sandbox Calling `configure' with --disable-sandbox will disable the sandbox support *completely* at compile time. gmid will still complain at compile time and during the startup. Users shouldn't disable the sandbox if possible, but instead report problem upstream so they get fixed (hopefully.) #4 related commit - 6c0b8478504cb1d6eb029a095992de0d161e5933 commit + 75c6959bf28d0e53adad5493df0fba6715e181fa blob - cfec87a0fe12d382db814d37899554ff498742ce blob + eb006561b466e626e3a91f158e0d714d36bb66ae --- configure +++ configure @@ -44,6 +44,8 @@ LEX=lex STATIC= YACC=yacc +DISABLE_SANDBOX=0 + NEED_GNU_SOURCE=0 NEED_OPENBSD_SOURCE=0 @@ -100,6 +102,11 @@ which ${YACC} 2>/dev/null 1>&2 || { # allow certain variables to be overridden on the command line for keyvals in "$@"; do + if [ "$keyvals" = "--disable-sandbox" ]; then + DISABLE_SANDBOX=1 + continue + fi + key=`echo $keyvals | cut -s -d '=' -f1` if [ -z "$key" ]; then echo "$0: invalid key-value: $keyvals" 1>&2 @@ -287,6 +294,8 @@ echo "#include " cat <<__HEREDOC__ +#define DISABLE_SANDBOX ${DISABLE_SANDBOX} + #define HAVE_ERR ${HAVE_ERR} #define HAVE_EXPLICIT_BZERO ${HAVE_EXPLICIT_BZERO} #define HAVE_FREEZERO ${HAVE_FREEZERO} blob - a877c167ebf543b050db730293bd7c33b016d73b blob + dfcb1b0074e4112a3427b5e80942e0d520dffe5b --- sandbox.c +++ sandbox.c @@ -16,8 +16,31 @@ #include "gmid.h" -#if defined(__FreeBSD__) +#if DISABLE_SANDBOX +#warning "Sandbox disabled! Please report issues upstream instead of disabling the sandbox." + +void +sandbox_server_process(void) +{ + return; +} + +void +sandbox_executor_process(void) +{ + log_notice(NULL, "Sandbox disabled! " + "Please report issues upstream instead of disabling the sandbox."); +} + +void +sandbox_logger_process(void) +{ + return; +} + +#elif defined(__FreeBSD__) + #include void