commit 8bb8cf2ad488151879b1d7e5ec7436d38553b1b5 from: Omar Polo date: Fri Jul 02 09:26:59 2021 UTC configure: add --disable-sandbox Calling `configure' with --disable-sandbox will disable the sandbox support *completely* at compile time. gmid will still complain at compile time and during the startup. Users shouldn't disable the sandbox if possible, but instead report problem upstream so they get fixed (hopefully.) #4 related commit - 137def5ff4c0f9720391ca88191cf9fee6d8ae9a commit + 8bb8cf2ad488151879b1d7e5ec7436d38553b1b5 blob - d5f40358bb8edc70f0dfb81e48f37fbbc18a8a99 blob + 707ef3de2d05bbc21e99ccbf40509b8f887bc5e3 --- configure +++ configure @@ -43,6 +43,8 @@ LD_IMSG= STATIC= YACC=yacc +DISABLE_SANDBOX=0 + NEED_GNU_SOURCE=0 NEED_OPENBSD_SOURCE=0 @@ -88,6 +90,11 @@ which ${YACC} 2>/dev/null 1>&2 || { # allow certain variables to be overridden on the command line for keyvals in "$@"; do + if [ "$keyvals" = "--disable-sandbox" ]; then + DISABLE_SANDBOX=1 + continue + fi + key=`echo $keyvals | cut -s -d '=' -f1` if [ -z "$key" ]; then echo "$0: invalid key-value: $keyvals" 1>&2 @@ -275,6 +282,8 @@ echo "#include " cat <<__HEREDOC__ +#define DISABLE_SANDBOX ${DISABLE_SANDBOX} + #define HAVE_ERR ${HAVE_ERR} #define HAVE_EXPLICIT_BZERO ${HAVE_EXPLICIT_BZERO} #define HAVE_FREEZERO ${HAVE_FREEZERO} blob - 3f99f08cde9217fdc7bb28176b7e92fb69c0a5ac blob + 8b1244b1fb08dad1a400cb26c32efacd262bbe1e --- sandbox.c +++ sandbox.c @@ -16,8 +16,31 @@ #include "gmid.h" -#if defined(__FreeBSD__) +#if DISABLE_SANDBOX +#warning "Sandbox disabled! Please report issues upstream instead of disabling the sandbox." + +void +sandbox_server_process(void) +{ + return; +} + +void +sandbox_executor_process(void) +{ + log_notice(NULL, "Sandbox disabled! " + "Please report issues upstream instead of disabling the sandbox."); +} + +void +sandbox_logger_process(void) +{ + return; +} + +#elif defined(__FreeBSD__) + #include void