diff options
52 files changed, 859 insertions, 30 deletions
diff --git a/Makefile.in b/Makefile.in index 6adf4412..0d449288 100644 --- a/Makefile.in +++ b/Makefile.in @@ -106,6 +106,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/man-arg-automatic-create.m4 \ $(top_srcdir)/m4/man-compress-lib.m4 \ $(top_srcdir)/m4/man-gnu-nroff.m4 \ $(top_srcdir)/m4/man-heirloom-nroff.m4 \ + $(top_srcdir)/m4/man-libseccomp.m4 \ $(top_srcdir)/m4/man-linguas.m4 $(top_srcdir)/m4/man-po4a.m4 \ $(top_srcdir)/m4/man-trans-subst.m4 \ $(top_srcdir)/gnulib/m4/00gnulib.m4 \ @@ -1372,6 +1373,8 @@ libdir = @libdir@ libexecdir = @libexecdir@ libpipeline_CFLAGS = @libpipeline_CFLAGS@ libpipeline_LIBS = @libpipeline_LIBS@ +libseccomp_CFLAGS = @libseccomp_CFLAGS@ +libseccomp_LIBS = @libseccomp_LIBS@ lispdir = @lispdir@ localedir = @localedir@ localstatedir = @localstatedir@ @@ -21,6 +21,18 @@ Major changes since man-db 2.7.6.1: o Treat "\(en" as another synonym for "\-" in NAME sections. + o Confine most subprocesses that handle untrusted data using + seccomp. This mainly deals with subprocesses that perform + encoding conversions, (de)compressors, groff programs, and a few + other odds and ends. groff programs use a slightly more + permissive filter since they need to create temporary files, so + additional path-based confinement (e.g. using AppArmor) is still + useful. + + If this goes wrong, then MAN_DISABLE_SECCOMP=1 can be set in the + environment to disable it, but please report any such problem as a + bug. + man-db 2.7.6.1 (12 December 2016) ================================= @@ -1540,6 +1540,7 @@ m4_include([m4/man-check-progs.m4]) m4_include([m4/man-compress-lib.m4]) m4_include([m4/man-gnu-nroff.m4]) m4_include([m4/man-heirloom-nroff.m4]) +m4_include([m4/man-libseccomp.m4]) m4_include([m4/man-linguas.m4]) m4_include([m4/man-po4a.m4]) m4_include([m4/man-trans-subst.m4]) diff --git a/config.h.in b/config.h.in index 83c77f5a..b2bc4b3b 100644 --- a/config.h.in +++ b/config.h.in @@ -744,6 +744,9 @@ /* Define to 1 if you have the <libintl.h> header file. */ #undef HAVE_LIBINTL_H +/* Define to 1 if you have the `libseccomp' library. */ +#undef HAVE_LIBSECCOMP + /* Define to 1 if you have the `z' library (-lz). */ #undef HAVE_LIBZ @@ -669,6 +669,8 @@ TRANS_CATMAN_UPPER TRANS_CATMAN TRANS_APROPOS_UPPER TRANS_APROPOS +libseccomp_LIBS +libseccomp_CFLAGS DBLIBS DBTYPE libpipeline_LIBS @@ -1731,7 +1733,9 @@ PKG_CONFIG PKG_CONFIG_PATH PKG_CONFIG_LIBDIR libpipeline_CFLAGS -libpipeline_LIBS' +libpipeline_LIBS +libseccomp_CFLAGS +libseccomp_LIBS' # Initialize some variables set by options. @@ -2476,6 +2480,10 @@ Some influential environment variables: C compiler flags for libpipeline, overriding pkg-config libpipeline_LIBS linker flags for libpipeline, overriding pkg-config + libseccomp_CFLAGS + C compiler flags for libseccomp, overriding pkg-config + libseccomp_LIBS + linker flags for libseccomp, overriding pkg-config Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. @@ -46530,12 +46538,12 @@ if test -n "$libpipeline_CFLAGS"; then pkg_cv_libpipeline_CFLAGS="$libpipeline_CFLAGS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libpipeline >= 1.4.0\""; } >&5 - ($PKG_CONFIG --exists --print-errors "libpipeline >= 1.4.0") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libpipeline >= 1.5.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libpipeline >= 1.5.0") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_libpipeline_CFLAGS=`$PKG_CONFIG --cflags "libpipeline >= 1.4.0" 2>/dev/null` + pkg_cv_libpipeline_CFLAGS=`$PKG_CONFIG --cflags "libpipeline >= 1.5.0" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes @@ -46547,12 +46555,12 @@ if test -n "$libpipeline_LIBS"; then pkg_cv_libpipeline_LIBS="$libpipeline_LIBS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libpipeline >= 1.4.0\""; } >&5 - ($PKG_CONFIG --exists --print-errors "libpipeline >= 1.4.0") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libpipeline >= 1.5.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libpipeline >= 1.5.0") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_libpipeline_LIBS=`$PKG_CONFIG --libs "libpipeline >= 1.4.0" 2>/dev/null` + pkg_cv_libpipeline_LIBS=`$PKG_CONFIG --libs "libpipeline >= 1.5.0" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes @@ -46573,14 +46581,14 @@ else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - libpipeline_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libpipeline >= 1.4.0" 2>&1` + libpipeline_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libpipeline >= 1.5.0" 2>&1` else - libpipeline_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libpipeline >= 1.4.0" 2>&1` + libpipeline_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libpipeline >= 1.5.0" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$libpipeline_PKG_ERRORS" >&5 - as_fn_error $? "Package requirements (libpipeline >= 1.4.0) were not met: + as_fn_error $? "Package requirements (libpipeline >= 1.5.0) were not met: $libpipeline_PKG_ERRORS @@ -47285,6 +47293,82 @@ then fi +# Check for libseccomp library. + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libseccomp" >&5 +$as_echo_n "checking for libseccomp... " >&6; } + +if test -n "$libseccomp_CFLAGS"; then + pkg_cv_libseccomp_CFLAGS="$libseccomp_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libseccomp\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libseccomp") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_libseccomp_CFLAGS=`$PKG_CONFIG --cflags "libseccomp" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$libseccomp_LIBS"; then + pkg_cv_libseccomp_LIBS="$libseccomp_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libseccomp\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libseccomp") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_libseccomp_LIBS=`$PKG_CONFIG --libs "libseccomp" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + libseccomp_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libseccomp" 2>&1` + else + libseccomp_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libseccomp" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$libseccomp_PKG_ERRORS" >&5 + + : +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + : +else + libseccomp_CFLAGS=$pkg_cv_libseccomp_CFLAGS + libseccomp_LIBS=$pkg_cv_libseccomp_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define HAVE_LIBSECCOMP 1" >>confdefs.h + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: default CC = \"$CC\"" >&5 $as_echo "$as_me: default CC = \"$CC\"" >&6;} { $as_echo "$as_me:${as_lineno-$LINENO}: default CPP = \"$CPP\"" >&5 diff --git a/configure.ac b/configure.ac index 5b311e66..8f8ab647 100644 --- a/configure.ac +++ b/configure.ac @@ -351,7 +351,7 @@ AC_TYPE_UID_T AC_TYPE_SIZE_T # Check for pipeline library. -PKG_CHECK_MODULES([libpipeline], [libpipeline >= 1.4.0]) +PKG_CHECK_MODULES([libpipeline], [libpipeline >= 1.5.0]) # Find a suitable database interface header and library. # @@ -426,6 +426,9 @@ then fi AC_SUBST([DBLIBS]) +# Check for libseccomp library. +MAN_LIBSECCOMP + dnl MAN_ECHO_VAR(ENV-VARIABLE) define([MAN_ECHO_VAR], [AC_MSG_NOTICE([default $1 = "$$1"])])dnl dnl diff --git a/docs/INSTALL.quick b/docs/INSTALL.quick index d645463e..4170575e 100644 --- a/docs/INSTALL.quick +++ b/docs/INSTALL.quick @@ -5,7 +5,7 @@ the Quick install below. man-db requires several external packages: - o libpipeline >= 1.4.0 (http://libpipeline.nongnu.org/) + o libpipeline >= 1.5.0 (http://libpipeline.nongnu.org/) o flex >= 2.5.30 (http://flex.sf.net/) o a database library, one of: GDBM (http://www.gnu.org.ua/software/gdbm/) @@ -19,6 +19,7 @@ and on systems without GNU libc: Some other packages are recommended and used if available: o zlib (http://zlib.net/) + o libseccomp (https://github.com/seccomp/libseccomp) Quick INSTALL ============= diff --git a/docs/Makefile.in b/docs/Makefile.in index 4a2f3a86..72169fda 100644 --- a/docs/Makefile.in +++ b/docs/Makefile.in @@ -106,6 +106,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/man-arg-automatic-create.m4 \ $(top_srcdir)/m4/man-compress-lib.m4 \ $(top_srcdir)/m4/man-gnu-nroff.m4 \ $(top_srcdir)/m4/man-heirloom-nroff.m4 \ + $(top_srcdir)/m4/man-libseccomp.m4 \ $(top_srcdir)/m4/man-linguas.m4 $(top_srcdir)/m4/man-po4a.m4 \ $(top_srcdir)/m4/man-trans-subst.m4 \ $(top_srcdir)/gnulib/m4/00gnulib.m4 \ @@ -1279,6 +1280,8 @@ libdir = @libdir@ libexecdir = @libexecdir@ libpipeline_CFLAGS = @libpipeline_CFLAGS@ libpipeline_LIBS = @libpipeline_LIBS@ +libseccomp_CFLAGS = @libseccomp_CFLAGS@ +libseccomp_LIBS = @libseccomp_LIBS@ lispdir = @lispdir@ localedir = @localedir@ localstatedir = @localstatedir@ diff --git a/gnulib/lib/Makefile.in b/gnulib/lib/Makefile.in index 93e593d3..f16acfa5 100644 --- a/gnulib/lib/Makefile.in +++ b/gnulib/lib/Makefile.in @@ -131,6 +131,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/man-arg-automatic-create.m4 \ $(top_srcdir)/m4/man-compress-lib.m4 \ $(top_srcdir)/m4/man-gnu-nroff.m4 \ $(top_srcdir)/m4/man-heirloom-nroff.m4 \ + $(top_srcdir)/m4/man-libseccomp.m4 \ $(top_srcdir)/m4/man-linguas.m4 $(top_srcdir)/m4/man-po4a.m4 \ $(top_srcdir)/m4/man-trans-subst.m4 \ $(top_srcdir)/gnulib/m4/00gnulib.m4 \ @@ -1413,6 +1414,8 @@ libdir = @libdir@ libexecdir = @libexecdir@ libpipeline_CFLAGS = @libpipeline_CFLAGS@ libpipeline_LIBS = @libpipeline_LIBS@ +libseccomp_CFLAGS = @libseccomp_CFLAGS@ +libseccomp_LIBS = @libseccomp_LIBS@ lispdir = @lispdir@ localedir = @localedir@ localstatedir = @localstatedir@ diff --git a/init/Makefile.in b/init/Makefile.in index f7221cf1..6d27ca59 100644 --- a/init/Makefile.in +++ b/init/Makefile.in @@ -105,6 +105,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/man-arg-automatic-create.m4 \ $(top_srcdir)/m4/man-compress-lib.m4 \ $(top_srcdir)/m4/man-gnu-nroff.m4 \ $(top_srcdir)/m4/man-heirloom-nroff.m4 \ + $(top_srcdir)/m4/man-libseccomp.m4 \ $(top_srcdir)/m4/man-linguas.m4 $(top_srcdir)/m4/man-po4a.m4 \ $(top_srcdir)/m4/man-trans-subst.m4 \ $(top_srcdir)/gnulib/m4/00gnulib.m4 \ @@ -1336,6 +1337,8 @@ libdir = @libdir@ libexecdir = @libexecdir@ libpipeline_CFLAGS = @libpipeline_CFLAGS@ libpipeline_LIBS = @libpipeline_LIBS@ +libseccomp_CFLAGS = @libseccomp_CFLAGS@ +libseccomp_LIBS = @libseccomp_LIBS@ lispdir = @lispdir@ localedir = @localedir@ localstatedir = @localstatedir@ diff --git a/init/systemd/Makefile.in b/init/systemd/Makefile.in index 0619c985..c61d0b7d 100644 --- a/init/systemd/Makefile.in +++ b/init/systemd/Makefile.in @@ -106,6 +106,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/man-arg-automatic-create.m4 \ $(top_srcdir)/m4/man-compress-lib.m4 \ $(top_srcdir)/m4/man-gnu-nroff.m4 \ $(top_srcdir)/m4/man-heirloom-nroff.m4 \ + $(top_srcdir)/m4/man-libseccomp.m4 \ $(top_srcdir)/m4/man-linguas.m4 $(top_srcdir)/m4/man-po4a.m4 \ $(top_srcdir)/m4/man-trans-subst.m4 \ $(top_srcdir)/gnulib/m4/00gnulib.m4 \ @@ -1306,6 +1307,8 @@ libdir = @libdir@ libexecdir = @libexecdir@ libpipeline_CFLAGS = @libpipeline_CFLAGS@ libpipeline_LIBS = @libpipeline_LIBS@ +libseccomp_CFLAGS = @libseccomp_CFLAGS@ +libseccomp_LIBS = @libseccomp_LIBS@ lispdir = @lispdir@ localedir = @localedir@ localstatedir = @localstatedir@ diff --git a/lib/Makefile.am b/lib/Makefile.am index f4b135db..8bf76cdd 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -29,7 +29,8 @@ libman_la_CPPFLAGS = \ -I$(top_srcdir)/gnulib/lib \ -I$(top_builddir)/gnulib/lib \ -DLOCALEDIR=\"$(localedir)\" \ - $(libpipeline_CFLAGS) + $(libpipeline_CFLAGS) \ + $(libseccomp_CFLAGS) libman_la_SOURCES = \ appendstr.c \ @@ -50,6 +51,8 @@ libman_la_SOURCES = \ orderfiles.h \ pathsearch.c \ pathsearch.h \ + sandbox.c \ + sandbox.h \ security.c \ security.h \ tempfile.c \ @@ -67,4 +70,5 @@ libman_la_LIBADD = ../gnulib/lib/libgnu.la $(LTLIBOBJS) \ libman_la_LDFLAGS = \ -avoid-version -release $(VERSION) -rpath $(pkglibdir) \ -no-undefined \ - $(libpipeline_LIBS) + $(libpipeline_LIBS) \ + $(libseccomp_LIBS) diff --git a/lib/Makefile.in b/lib/Makefile.in index e3a7c29a..89df5434 100644 --- a/lib/Makefile.in +++ b/lib/Makefile.in @@ -107,6 +107,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/man-arg-automatic-create.m4 \ $(top_srcdir)/m4/man-compress-lib.m4 \ $(top_srcdir)/m4/man-gnu-nroff.m4 \ $(top_srcdir)/m4/man-heirloom-nroff.m4 \ + $(top_srcdir)/m4/man-libseccomp.m4 \ $(top_srcdir)/m4/man-linguas.m4 $(top_srcdir)/m4/man-po4a.m4 \ $(top_srcdir)/m4/man-trans-subst.m4 \ $(top_srcdir)/gnulib/m4/00gnulib.m4 \ @@ -345,7 +346,8 @@ am_libman_la_OBJECTS = libman_la-appendstr.lo libman_la-cleanup.lo \ libman_la-encodings.lo libman_la-hashtable.lo \ libman_la-linelength.lo libman_la-lower.lo \ libman_la-orderfiles.lo libman_la-pathsearch.lo \ - libman_la-security.lo libman_la-tempfile.lo libman_la-util.lo \ + libman_la-sandbox.lo libman_la-security.lo \ + libman_la-tempfile.lo libman_la-util.lo \ libman_la-wordfnmatch.lo libman_la-xchown.lo \ libman_la-xregcomp.lo libman_la_OBJECTS = $(am_libman_la_OBJECTS) @@ -1369,6 +1371,8 @@ libdir = @libdir@ libexecdir = @libexecdir@ libpipeline_CFLAGS = @libpipeline_CFLAGS@ libpipeline_LIBS = @libpipeline_LIBS@ +libseccomp_CFLAGS = @libseccomp_CFLAGS@ +libseccomp_LIBS = @libseccomp_LIBS@ lispdir = @lispdir@ localedir = @localedir@ localstatedir = @localstatedir@ @@ -1419,7 +1423,8 @@ libman_la_CPPFLAGS = \ -I$(top_srcdir)/gnulib/lib \ -I$(top_builddir)/gnulib/lib \ -DLOCALEDIR=\"$(localedir)\" \ - $(libpipeline_CFLAGS) + $(libpipeline_CFLAGS) \ + $(libseccomp_CFLAGS) libman_la_SOURCES = \ appendstr.c \ @@ -1440,6 +1445,8 @@ libman_la_SOURCES = \ orderfiles.h \ pathsearch.c \ pathsearch.h \ + sandbox.c \ + sandbox.h \ security.c \ security.h \ tempfile.c \ @@ -1457,7 +1464,8 @@ libman_la_LIBADD = ../gnulib/lib/libgnu.la $(LTLIBOBJS) \ libman_la_LDFLAGS = \ -avoid-version -release $(VERSION) -rpath $(pkglibdir) \ -no-undefined \ - $(libpipeline_LIBS) + $(libpipeline_LIBS) \ + $(libseccomp_LIBS) all: all-am @@ -1547,6 +1555,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libman_la-lower.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libman_la-orderfiles.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libman_la-pathsearch.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libman_la-sandbox.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libman_la-security.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libman_la-tempfile.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libman_la-util.Plo@am__quote@ @@ -1645,6 +1654,13 @@ libman_la-pathsearch.lo: pathsearch.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libman_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libman_la-pathsearch.lo `test -f 'pathsearch.c' || echo '$(srcdir)/'`pathsearch.c +libman_la-sandbox.lo: sandbox.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libman_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libman_la-sandbox.lo -MD -MP -MF $(DEPDIR)/libman_la-sandbox.Tpo -c -o libman_la-sandbox.lo `test -f 'sandbox.c' || echo '$(srcdir)/'`sandbox.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libman_la-sandbox.Tpo $(DEPDIR)/libman_la-sandbox.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='sandbox.c' object='libman_la-sandbox.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libman_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libman_la-sandbox.lo `test -f 'sandbox.c' || echo '$(srcdir)/'`sandbox.c + libman_la-security.lo: security.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libman_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libman_la-security.lo -MD -MP -MF $(DEPDIR)/libman_la-security.Tpo -c -o libman_la-security.lo `test -f 'security.c' || echo '$(srcdir)/'`security.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libman_la-security.Tpo $(DEPDIR)/libman_la-security.Plo diff --git a/lib/decompress.c b/lib/decompress.c index a176a9dc..eeb6f591 100644 --- a/lib/decompress.c +++ b/lib/decompress.c @@ -42,6 +42,7 @@ #include "comp_src.h" #include "pipeline.h" #include "decompress.h" +#include "sandbox.h" #ifdef HAVE_LIBZ @@ -68,6 +69,8 @@ static void decompress_zlib (void *data ATTRIBUTE_UNUSED) #endif /* HAVE_LIBZ */ +extern man_sandbox *sandbox; + pipeline *decompress_open (const char *filename) { pipecmd *cmd; @@ -89,6 +92,7 @@ pipeline *decompress_open (const char *filename) char *name = xasprintf ("zcat < %s", filename); cmd = pipecmd_new_function (name, &decompress_zlib, NULL, NULL); + sandbox_attach (sandbox, cmd); free (name); p = pipeline_new_commands (cmd, NULL); goto got_pipeline; @@ -105,6 +109,7 @@ pipeline *decompress_open (const char *filename) cmd = pipecmd_new_argstr (comp->prog); pipecmd_arg (cmd, filename); + sandbox_attach (sandbox, cmd); p = pipeline_new_commands (cmd, NULL); goto got_pipeline; } @@ -116,6 +121,7 @@ pipeline *decompress_open (const char *filename) if (ext) { cmd = pipecmd_new_argstr (GUNZIP " -S \"\""); pipecmd_arg (cmd, filename); + sandbox_attach (sandbox, cmd); p = pipeline_new_commands (cmd, NULL); goto got_pipeline; } @@ -138,6 +144,7 @@ pipeline *decompress_fdopen (int fd) #ifdef HAVE_LIBZ cmd = pipecmd_new_function ("zcat", &decompress_zlib, NULL, NULL); + sandbox_attach (sandbox, cmd); p = pipeline_new_commands (cmd, NULL); #else /* HAVE_LIBZ */ p = pipeline_new (); diff --git a/lib/sandbox.c b/lib/sandbox.c new file mode 100644 index 00000000..2ad47e95 --- /dev/null +++ b/lib/sandbox.c @@ -0,0 +1,499 @@ +/* + * sandbox.c: Process sandboxing + * + * Copyright (C) 2017 Colin Watson. + * + * This file is part of man-db. + * + * man-db is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * man-db is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with man-db; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + * + * Some of the syscall lists in this file come from systemd, whose + * copyright/licensing statement is as follows. Per LGPLv2.1 s. 3, I have + * altered the original references to LGPLv2.1 to refer to GPLv2 instead. + * + * Copyright 2014 Lennart Poettering + * + * systemd is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * systemd is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with systemd; If not, see <http://www.gnu.org/licenses/>. + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif /* HAVE_CONFIG_H */ + +#include <errno.h> +#include <stdlib.h> +#include <string.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> + +#ifdef HAVE_LIBSECCOMP +# include <sys/prctl.h> +# include <seccomp.h> +#endif /* HAVE_LIBSECCOMP */ + +#include "pipeline.h" + +#include "manconfig.h" + +#include "error.h" + +#include "sandbox.h" + +struct man_sandbox { +#ifdef HAVE_LIBSECCOMP + scmp_filter_ctx ctx; + scmp_filter_ctx permissive_ctx; +#else /* !HAVE_LIBSECCOMP */ + char dummy; +#endif /* HAVE_LIBSECCOMP */ +}; + +#ifdef HAVE_LIBSECCOMP +/* Can we load a seccomp filter into this process? + * + * This guard allows us to call sandbox_load in code paths that may + * conditionally do so again. + */ +static int can_load_seccomp (void) +{ + const char *man_disable_seccomp, *ld_preload; + int seccomp_status; + + man_disable_seccomp = getenv ("MAN_DISABLE_SECCOMP"); + if (man_disable_seccomp && *man_disable_seccomp) { + debug ("seccomp filter disabled by user request\n"); + return 0; + } + + /* Valgrind causes the child process to make some system calls we + * don't want to allow in general, so disable seccomp when running + * on Valgrind. + * + * The correct approach seems to be to either require valgrind.h at + * build-time or copy valgrind.h into this project and then use the + * RUNNING_ON_VALGRIND macro, but I'd really rather not add a + * build-dependency for this or take a copy of a >6000-line header + * file. Since the goal of this is only to disable the seccomp + * filter under Valgrind, this will do for now. + */ + ld_preload = getenv ("LD_PRELOAD"); + if (ld_preload && strstr (ld_preload, "/vgpreload") != NULL) { + debug ("seccomp filter disabled while running under " + "Valgrind\n"); + return 0; + } + + seccomp_status = prctl (PR_GET_SECCOMP); + + if (seccomp_status == 0) + return 1; + + if (seccomp_status == -1) { + if (errno == EINVAL) + debug ("running kernel does not support seccomp\n"); + else + debug ("unknown error getting seccomp status: %s\n", + strerror (errno)); + } else if (seccomp_status == 2) + debug ("seccomp already enabled\n"); + else + debug ("unknown return value from PR_GET_SECCOMP: %d\n", + seccomp_status); + return 0; +} +#endif /* HAVE_LIBSECCOMP */ + +#ifdef HAVE_LIBSECCOMP +/* Create a seccomp filter. + * + * If permissive is true, then the returned filter will allow limited file + * creation (although not making executable files). This obviously + * constitutes less effective confinement, but it's necessary for some + * subprocesses (such as groff) that need the ability to write to temporary + * files. Confining these further requires additional tools that can do + * path-based filtering or similar, such as AppArmor. + */ +scmp_filter_ctx make_seccomp_filter (int permissive) +{ + scmp_filter_ctx ctx; + mode_t mode_mask = S_ISUID | S_ISGID | S_IXUSR | S_IXGRP | S_IXOTH; + int create_mask = O_CREAT +#ifdef O_TMPFILE + | O_TMPFILE +#endif /* O_TMPFILE */ + ; + + debug ("initialising seccomp filter (permissive: %d)\n", permissive); + ctx = seccomp_init (SCMP_ACT_TRAP); + if (!ctx) + error (FATAL, errno, "can't initialise seccomp filter"); + +#define SC_ALLOW(name) \ + do { \ + int nr = seccomp_syscall_resolve_name (name); \ + if (nr == __NR_SCMP_ERROR) \ + break; \ + if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, nr, 0) < 0) \ + error (FATAL, errno, "can't add seccomp rule"); \ + } while (0) + +#define SC_ALLOW_ARG_1(name, cmp1) \ + do { \ + int nr = seccomp_syscall_resolve_name (name); \ + if (nr == __NR_SCMP_ERROR) \ + break; \ + if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, nr, 1, cmp1) < 0) \ + error (FATAL, errno, "can't add seccomp rule"); \ + } while (0) + +#define SC_ALLOW_ARG_2(name, cmp1, cmp2) \ + do { \ + int nr = seccomp_syscall_resolve_name (name); \ + if (nr == __NR_SCMP_ERROR) \ + break; \ + if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, nr, \ + 2, cmp1, cmp2) < 0) \ + error (FATAL, errno, "can't add seccomp rule"); \ + } while (0) + + /* This sandbox is intended to allow operations that might + * reasonably be needed in simple data-transforming pipes: it should + * allow the process to do most reasonable things to itself, to read + * and write data from and to already-open file descriptors, to open + * files in read-only mode, and to fork new processes with the same + * restrictions. (If permissive is true, then it should also allow + * limited file creation; see the header comment above.) + * + * Since I currently know of no library with suitable syscall lists, + * the syscall lists here are taken from + * systemd:src/shared/seccomp-util.c, last updated from commit + * 67eb5b380a7b7eed82f658190bff4ca2d83e9abe (2017-11-30). + */ + + /* systemd: SystemCallFilter=@default */ + SC_ALLOW ("clock_getres"); + SC_ALLOW ("clock_gettime"); + SC_ALLOW ("clock_nanosleep"); + SC_ALLOW ("execve"); + SC_ALLOW ("exit"); + SC_ALLOW ("exit_group"); + SC_ALLOW ("futex"); + SC_ALLOW ("get_robust_list"); + SC_ALLOW ("get_thread_area"); + SC_ALLOW ("getegid"); + SC_ALLOW ("getegid32"); + SC_ALLOW ("geteuid"); + SC_ALLOW ("geteuid32"); + SC_ALLOW ("getgid"); + SC_ALLOW ("getgid32"); + SC_ALLOW ("getgroups"); + SC_ALLOW ("getgroups32"); + SC_ALLOW ("getpgid"); + SC_ALLOW ("getpgrp"); + SC_ALLOW ("getpid"); + SC_ALLOW ("getppid"); + SC_ALLOW ("getresgid"); + SC_ALLOW ("getresgid32"); + SC_ALLOW ("getresuid"); + SC_ALLOW ("getresuid32"); + SC_ALLOW ("getrlimit"); + SC_ALLOW ("getsid"); + SC_ALLOW ("gettid"); + SC_ALLOW ("gettimeofday"); + SC_ALLOW ("getuid"); + SC_ALLOW ("getuid32"); + SC_ALLOW ("membarrier"); + SC_ALLOW ("nanosleep"); + SC_ALLOW ("pause"); + SC_ALLOW ("prlimit64"); + SC_ALLOW ("restart_syscall"); + SC_ALLOW ("rt_sigreturn"); + SC_ALLOW ("sched_yield"); + SC_ALLOW ("set_robust_list"); + SC_ALLOW ("set_thread_area"); + SC_ALLOW ("set_tid_address"); + SC_ALLOW ("set_tls"); + SC_ALLOW ("sigreturn"); + SC_ALLOW ("time"); + SC_ALLOW ("ugetrlimit"); + + /* systemd: SystemCallFilter=@basic-io */ + SC_ALLOW ("_llseek"); + SC_ALLOW ("close"); + SC_ALLOW ("dup"); + SC_ALLOW ("dup2"); + SC_ALLOW ("dup3"); + SC_ALLOW ("lseek"); + SC_ALLOW ("pread64"); + SC_ALLOW ("preadv"); + SC_ALLOW ("preadv2"); + SC_ALLOW ("pwrite64"); + SC_ALLOW ("pwritev"); + SC_ALLOW ("pwritev2"); + SC_ALLOW ("read"); + SC_ALLOW ("readv"); + SC_ALLOW ("write"); + SC_ALLOW ("writev"); + + /* systemd: SystemCallFilter=@file-system (subset) */ + SC_ALLOW ("access"); + SC_ALLOW ("chdir"); + if (permissive) { + SC_ALLOW_ARG_1 ("chmod", + SCMP_A1 (SCMP_CMP_MASKED_EQ, mode_mask, 0)); + SC_ALLOW_ARG_1 ("creat", + SCMP_A1 (SCMP_CMP_MASKED_EQ, mode_mask, 0)); + } + SC_ALLOW ("faccessat"); + SC_ALLOW ("fallocate"); + SC_ALLOW ("fchdir"); + if (permissive) { + SC_ALLOW_ARG_1 ("fchmod", + SCMP_A1 (SCMP_CMP_MASKED_EQ, mode_mask, 0)); + SC_ALLOW_ARG_1 ("fchmodat", + SCMP_A2 (SCMP_CMP_MASKED_EQ, mode_mask, 0)); + } + SC_ALLOW ("fcntl"); + SC_ALLOW ("fcntl64"); + SC_ALLOW ("fstat"); + SC_ALLOW ("fstat64"); + SC_ALLOW ("fstatat64"); + SC_ALLOW ("fstatfs"); + SC_ALLOW ("fstatfs64"); + SC_ALLOW ("ftruncate"); + SC_ALLOW ("ftruncate64"); + if (permissive) SC_ALLOW ("futimesat"); + SC_ALLOW ("getcwd"); + SC_ALLOW ("getdents"); + SC_ALLOW ("getdents64"); + if (permissive) SC_ALLOW ("link"); + if (permissive) SC_ALLOW ("linkat"); + SC_ALLOW ("lstat"); + SC_ALLOW ("lstat64"); + if (permissive) SC_ALLOW ("mkdir"); + if (permissive) SC_ALLOW ("mkdirat"); + SC_ALLOW ("mmap"); + SC_ALLOW ("mmap2"); + SC_ALLOW ("munmap"); + SC_ALLOW ("newfstatat"); + SC_ALLOW ("oldfstat"); + SC_ALLOW ("oldlstat"); + SC_ALLOW ("oldstat"); + if (permissive) { + SC_ALLOW_ARG_2 ("open", + SCMP_A1 (SCMP_CMP_MASKED_EQ, O_CREAT, O_CREAT), + SCMP_A2 (SCMP_CMP_MASKED_EQ, mode_mask, 0)); + SC_ALLOW_ARG_2 ("openat", + SCMP_A2 (SCMP_CMP_MASKED_EQ, O_CREAT, O_CREAT), + SCMP_A3 (SCMP_CMP_MASKED_EQ, mode_mask, 0)); +#ifdef O_TMPFILE + SC_ALLOW_ARG_2 ("open", + SCMP_A1 (SCMP_CMP_MASKED_EQ, + O_TMPFILE, O_TMPFILE), + SCMP_A2 (SCMP_CMP_MASKED_EQ, mode_mask, 0)); + SC_ALLOW_ARG_2 ("openat", + SCMP_A2 (SCMP_CMP_MASKED_EQ, + O_TMPFILE, O_TMPFILE), + SCMP_A3 (SCMP_CMP_MASKED_EQ, mode_mask, 0)); +#endif /* O_TMPFILE */ + SC_ALLOW_ARG_1 ("open", + SCMP_A1 (SCMP_CMP_MASKED_EQ, create_mask, 0)); + SC_ALLOW_ARG_1 ("openat", + SCMP_A2 (SCMP_CMP_MASKED_EQ, create_mask, 0)); + } else { + SC_ALLOW_ARG_1 ("open", + SCMP_A1 (SCMP_CMP_MASKED_EQ, O_ACCMODE, + O_RDONLY)); + SC_ALLOW_ARG_1 ("openat", + SCMP_A2 (SCMP_CMP_MASKED_EQ, O_ACCMODE, + O_RDONLY)); + } + SC_ALLOW ("readlink"); + SC_ALLOW ("readlinkat"); + if (permissive) SC_ALLOW ("rename"); + if (permissive) SC_ALLOW ("renameat"); + if (permissive) SC_ALLOW ("renameat2"); + if (permissive) SC_ALLOW ("rmdir"); + SC_ALLOW ("stat"); + SC_ALLOW ("stat64"); + SC_ALLOW ("statfs"); + SC_ALLOW ("statfs64"); + SC_ALLOW ("statx"); + if (permissive) SC_ALLOW ("symlink"); + if (permissive) SC_ALLOW ("symlinkat"); + if (permissive) SC_ALLOW ("truncate"); + if (permissive) SC_ALLOW ("truncateat"); + if (permissive) SC_ALLOW ("unlink"); + if (permissive) SC_ALLOW ("unlinkat"); + if (permissive) SC_ALLOW ("utime"); + if (permissive) SC_ALLOW ("utimensat"); + if (permissive) SC_ALLOW ("utimes"); + + /* systemd: SystemCallFilter=@io-event */ + SC_ALLOW ("_newselect"); + SC_ALLOW ("epoll_create"); + SC_ALLOW ("epoll_create1"); + SC_ALLOW ("epoll_ctl"); + SC_ALLOW ("epoll_ctl_old"); + SC_ALLOW ("epoll_pwait"); + SC_ALLOW ("epoll_wait"); + SC_ALLOW ("epoll_wait_old"); + SC_ALLOW ("eventfd"); + SC_ALLOW ("eventfd2"); + SC_ALLOW ("poll"); + SC_ALLOW ("ppoll"); + SC_ALLOW ("pselect6"); + SC_ALLOW ("select"); + + /* systemd: SystemCallFilter=@ipc (subset) */ + SC_ALLOW ("pipe"); + SC_ALLOW ("pipe2"); + + /* systemd: SystemCallFilter=@process (subset) */ + SC_ALLOW ("arch_prctl"); + SC_ALLOW ("capget"); + SC_ALLOW ("clone"); + SC_ALLOW ("execveat"); + SC_ALLOW ("fork"); + SC_ALLOW ("getrusage"); + SC_ALLOW ("prctl"); + SC_ALLOW ("vfork"); + SC_ALLOW ("wait4"); + SC_ALLOW ("waitid"); + SC_ALLOW ("waitpid"); + + /* systemd: SystemCallFilter=@signal */ + SC_ALLOW ("rt_sigaction"); + SC_ALLOW ("rt_sigpending"); + SC_ALLOW ("rt_sigprocmask"); + SC_ALLOW ("rt_sigsuspend"); + SC_ALLOW ("rt_sigtimedwait"); + SC_ALLOW ("sigaction"); + SC_ALLOW ("sigaltstack"); + SC_ALLOW ("signal"); + SC_ALLOW ("signalfd"); + SC_ALLOW ("signalfd4"); + SC_ALLOW ("sigpending"); + SC_ALLOW ("sigprocmask"); + SC_ALLOW ("sigsuspend"); + + /* systemd: SystemCallFilter=@sync */ + SC_ALLOW ("fdatasync"); + SC_ALLOW ("fsync"); + SC_ALLOW ("msync"); + SC_ALLOW ("sync"); + SC_ALLOW ("sync_file_range"); + SC_ALLOW ("syncfs"); + + /* Extra syscalls not in any of systemd's sets. */ + SC_ALLOW ("brk"); + SC_ALLOW ("fadvise64"); + SC_ALLOW ("fadvise64_64"); + if (permissive) SC_ALLOW ("ioctl"); + SC_ALLOW ("mprotect"); + SC_ALLOW ("sysinfo"); + SC_ALLOW ("uname"); + +#undef SC_ALLOW_ARG_2 +#undef SC_ALLOW_ARG_1 +#undef SC_ALLOW + + return ctx; +} +#endif /* HAVE_LIBSECCOMP */ + +/* Create a sandbox for processing untrusted data. + * + * This only sets up data structures; the caller must call sandbox_load to + * actually enter the sandbox. + */ +man_sandbox *sandbox_init (void) +{ + man_sandbox *sandbox = XZALLOC (man_sandbox); + +#ifdef HAVE_LIBSECCOMP + sandbox->ctx = make_seccomp_filter (0); + sandbox->permissive_ctx = make_seccomp_filter (1); +#else /* !HAVE_LIBSECCOMP */ + sandbox->dummy = 0; +#endif /* HAVE_LIBSECCOMP */ + + return sandbox; +} + +typedef struct man_sandbox_op { + man_sandbox *sandbox; + int permissive; +} man_sandbox_op; + +/* Attach a sandbox to a pipeline command. */ +void sandbox_attach (man_sandbox *sandbox, pipecmd *cmd) { + man_sandbox_op *sandbox_op = XZALLOC (man_sandbox_op); + sandbox_op->sandbox = sandbox; + sandbox_op->permissive = 0; + pipecmd_pre_exec (cmd, sandbox_load, sandbox_free, sandbox_op); +} + +/* Attach a sandbox to a pipeline command, allowing limited file creation. */ +void sandbox_attach_permissive (man_sandbox *sandbox, pipecmd *cmd) { + man_sandbox_op *sandbox_op = XZALLOC (man_sandbox_op); + sandbox_op->sandbox = sandbox; + sandbox_op->permissive = 1; + pipecmd_pre_exec (cmd, sandbox_load, sandbox_free, sandbox_op); +} + +/* Enter a sandbox for processing untrusted data. */ +void sandbox_load (void *data) { + man_sandbox_op *sandbox_op = data; + +#ifdef HAVE_LIBSECCOMP + if (can_load_seccomp ()) { + scmp_filter_ctx ctx; + + debug ("loading seccomp filter (permissive: %d)\n", + sandbox_op->permissive); + if (sandbox_op->permissive) + ctx = sandbox_op->sandbox->permissive_ctx; + else + ctx = sandbox_op->sandbox->ctx; + if (seccomp_load (ctx) < 0) + error (FATAL, errno, "can't load seccomp filter"); + } +#endif /* HAVE_LIBSECCOMP */ +} + +/* Free a sandbox for processing untrusted data. */ +void sandbox_free (void *data) { + man_sandbox_op *sandbox_op = data; + +#ifdef HAVE_LIBSECCOMP + seccomp_release (sandbox_op->sandbox->ctx); +#endif /* HAVE_LIBSECCOMP */ + + free (sandbox_op->sandbox); + free (sandbox_op); +} diff --git a/lib/sandbox.h b/lib/sandbox.h new file mode 100644 index 00000000..6535e342 --- /dev/null +++ b/lib/sandbox.h @@ -0,0 +1,37 @@ +/* + * sandbox.h: Interface to process sandboxing + * + * Copyright (C) 2017 Colin Watson. + * + * This file is part of man-db. + * + * man-db is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * man-db is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with man-db; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#ifndef MAN_SANDBOX_H +#define MAN_SANDBOX_H + +#include "pipeline.h" + +struct man_sandbox; +typedef struct man_sandbox man_sandbox; + +extern man_sandbox *sandbox_init (void); +extern void sandbox_attach (man_sandbox *sandbox, pipecmd *cmd); +extern void sandbox_attach_permissive (man_sandbox *sandbox, pipecmd *cmd); +extern void sandbox_load (void *data); +extern void sandbox_free (void *data); + +#endif /* MAN_SANDBOX_H */ diff --git a/libdb/Makefile.in b/libdb/Makefile.in index b039ac1c..6ddc8167 100644 --- a/libdb/Makefile.in +++ b/libdb/Makefile.in @@ -107,6 +107,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/man-arg-automatic-create.m4 \ $(top_srcdir)/m4/man-compress-lib.m4 \ $(top_srcdir)/m4/man-gnu-nroff.m4 \ $(top_srcdir)/m4/man-heirloom-nroff.m4 \ + $(top_srcdir)/m4/man-libseccomp.m4 \ $(top_srcdir)/m4/man-linguas.m4 $(top_srcdir)/m4/man-po4a.m4 \ $(top_srcdir)/m4/man-trans-subst.m4 \ $(top_srcdir)/gnulib/m4/00gnulib.m4 \ @@ -1364,6 +1365,8 @@ libdir = @libdir@ libexecdir = @libexecdir@ libpipeline_CFLAGS = @libpipeline_CFLAGS@ libpipeline_LIBS = @libpipeline_LIBS@ +libseccomp_CFLAGS = @libseccomp_CFLAGS@ +libseccomp_LIBS = @libseccomp_LIBS@ lispdir = @lispdir@ localedir = @localedir@ localstatedir = @localstatedir@ diff --git a/m4/man-libseccomp.m4 b/m4/man-libseccomp.m4 new file mode 100644 index 00000000..a9377317 --- /dev/null +++ b/m4/man-libseccomp.m4 @@ -0,0 +1,9 @@ +# man-libseccomp.m4 serial 1 +dnl MAN_LIBSECCOMP +dnl Check for the libseccomp library. +AC_DEFUN([MAN_LIBSECCOMP], +[PKG_CHECK_MODULES([libseccomp], [libseccomp], + [AC_DEFINE([HAVE_LIBSECCOMP], [1], + [Define to 1 if you have the `libseccomp' library.])], + [:]) +]) # MAN_LIBSECCOMP diff --git a/man/Makefile.in b/man/Makefile.in index 4f5179fc..31221db0 100644 --- a/man/Makefile.in +++ b/man/Makefile.in @@ -105,6 +105,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/man-arg-automatic-create.m4 \ $(top_srcdir)/m4/man-compress-lib.m4 \ $(top_srcdir)/m4/man-gnu-nroff.m4 \ $(top_srcdir)/m4/man-heirloom-nroff.m4 \ + $(top_srcdir)/m4/man-libseccomp.m4 \ $(top_srcdir)/m4/man-linguas.m4 $(top_srcdir)/m4/man-po4a.m4 \ $(top_srcdir)/m4/man-trans-subst.m4 \ $(top_srcdir)/gnulib/m4/00gnulib.m4 \ @@ -1547,6 +1548,8 @@ libdir = @libdir@ libexecdir = @libexecdir@ libpipeline_CFLAGS = @libpipeline_CFLAGS@ libpipeline_LIBS = @libpipeline_LIBS@ +libseccomp_CFLAGS = @libseccomp_CFLAGS@ +libseccomp_LIBS = @libseccomp_LIBS@ lispdir = @lispdir@ localedir = @localedir@ localstatedir = @localstatedir@ diff --git a/man/da/Makefile.in b/man/da/Makefile.in index 1e319bbe..942c99c9 100644 --- a/man/da/Makefile.in +++ b/man/da/Makefile.in @@ -105,6 +105,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/man-arg-automatic-create.m4 \ $(top_srcdir)/m4/man-compress-lib.m4 \ $(top_srcdir)/m4/man-gnu-nroff.m4 \ $(top_srcdir)/m4/man-heirloom-nroff.m4 \ + $(top_srcdir)/m4/man-libseccomp.m4 \ $(top_srcdir)/m4/man-linguas.m4 $(top_srcdir)/m4/man-po4a.m4 \ $(top_srcdir)/m4/man-trans-subst.m4 \ $(top_srcdir)/gnulib/m4/00gnulib.m4 \ @@ -1489,6 +1490,8 @@ libdir = @libdir@ libexecdir = @libexecdir@ libpipeline_CFLAGS = @libpipeline_CFLAGS@ libpipeline_LIBS = @libpipeline_LIBS@ +libseccomp_CFLAGS = @libseccomp_CFLAGS@ +libseccomp_LIBS = @libseccomp_LIBS@ lispdir = @lispdir@ localedir = @localedir@ localstatedir = @localstatedir@ diff --git a/man/de/Makefile.in b/man/de/Makefile.in index 6f7cf591..3c300003 100644 --- a/man/de/Makefile.in +++ b/man/de/Makefile.in @@ -105,6 +105,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/man-arg-automatic-create.m4 \ $(top_srcdir)/m4/man-compress-lib.m4 \ $(top_srcdir)/m4/man-gnu-nroff.m4 \ $(top_srcdir)/m4/man-heirloom-nroff.m4 \ + $(top_srcdir)/m4/man-libseccomp.m4 \ $(top_srcdir)/m4/man-linguas.m4 $(top_srcdir)/m4/man-po4a.m4 \ $(top_srcdir)/m4/man-trans-subst.m4 \ $(top_srcdir)/gnulib/m4/00gnulib.m4 \ @@ -1489,6 +1490,8 @@ libdir = @libdir@ libexecdir = @libexecdir@ libpipeline_CFLAGS = @libpipeline_CFLAGS@ libpipeline_LIBS = @libpipeline_LIBS@ +libseccomp_CFLAGS = @libseccomp_CFLAGS@ +libseccomp_LIBS = @libseccomp_LIBS@ lispdir = @lispdir@ localedir = @localedir@ localstatedir = @localstatedir@ diff --git a/man/es/Makefile.in b/man/es/Makefile.in index ad0b899a..e7f96da1 100644 --- a/man/es/Makefile.in +++ b/man/es/Makefile.in @@ -105,6 +105,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/man-arg-automatic-create.m4 \ $(top_srcdir)/m4/man-compress-lib.m4 \ $(top_srcdir)/m4/man-gnu-nroff.m4 \ $(top_srcdir)/m4/man-heirloom-nroff.m4 \ + $(top_srcdir)/m4/man-libseccomp.m4 \ $(top_srcdir)/m4/man-linguas.m4 $(top_srcdir)/m4/man-po4a.m4 \ $(top_srcdir)/m4/man-trans-subst.m4 \ $(top_srcdir)/gnulib/m4/00gnulib.m4 \ @@ -1489,6 +1490,8 @@ libdir = @libdir@ libexecdir = @libexecdir@ libpipeline_CFLAGS = @libpipeline_CFLAGS@ libpipeline_LIBS = @libpipeline_LIBS@ +libseccomp_CFLAGS = @libseccomp_CFLAGS@ +libseccomp_LIBS = @libseccomp_LIBS@ lispdir = @lispdir@ localedir = @localedir@ localstatedir = @localstatedir@ diff --git a/man/fr/Makefile.in b/man/fr/Makefile.in index 4c565f27..13731b2e 100644 --- a/man/fr/Makefile.in +++ b/man/fr/Makefile.in @@ -105,6 +105,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/man-arg-automatic-create.m4 \ $(top_srcdir)/m4/man-compress-lib.m4 \ $(top_srcdir)/m4/man-gnu-nroff.m4 \ $(top_srcdir)/m4/man-heirloom-nroff.m4 \ + $(top_srcdir)/m4/man-libseccomp.m4 \ $(top_srcdir)/m4/man-linguas.m4 $(top_srcdir)/m4/man-po4a.m4 \ $(top_srcdir)/m4/man-trans-subst.m4 \ $(top_srcdir)/gnulib/m4/00gnulib.m4 \ @@ -1489,6 +1490,8 @@ libdir = @libdir@ libexecdir = @libexecdir@ libpipeline_CFLAGS = @libpipeline_CFLAGS@ libpipeline_LIBS = @libpipeline_LIBS@ +libseccomp_CFLAGS = @libseccomp_CFLAGS@ +libseccomp_LIBS = @libseccomp_LIBS@ lispdir = @lispdir@ localedir = @localedir@ localstatedir = @localstatedir@ diff --git a/man/id/Makefile.in b/man/id/Makefile.in index 3304a5a2..87cc40ba 100644 --- a/man/id/Makefile.in +++ b/man/id/Makefile.in @@ -105,6 +105,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/man-arg-automatic-create.m4 \ $(top_srcdir)/m4/man-compress-lib.m4 \ $(top_srcdir)/m4/man-gnu-nroff.m4 \ $(top_srcdir)/m4/man-heirloom-nroff.m4 \ + $(top_srcdir)/m4/man-libseccomp.m4 \ $(top_srcdir)/m4/man-linguas.m4 $(top_srcdir)/m4/man-po4a.m4 \ $(top_srcdir)/m4/man-trans-subst.m4 \ $(top_srcdir)/gnulib/m4/00gnulib.m4 \ @@ -1489,6 +1490,8 @@ libdir = @libdir@ libexecdir = @libexecdir@ libpipeline_CFLAGS = @libpipeline_CFLAGS@ libpipeline_LIBS = @libpipeline_LIBS@ +libseccomp_CFLAGS = @libseccomp_CFLAGS@ +libseccomp_LIBS = @libseccomp_LIBS@ lispdir = @lispdir@ localedir = @localedir@ localstatedir = @localstatedir@ diff --git a/man/it/Makefile.in b/man/it/Makefile.in index 3bf7c135..2616290a 100644 --- a/man/it/Makefile.in +++ b/man/it/Makefile.in @@ -105,6 +105,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/man-arg-automatic-create.m4 \ $(top_srcdir)/m4/man-compress-lib.m4 \ $(top_srcdir)/m4/man-gnu-nroff.m4 \ $(top_srcdir)/m4/man-heirloom-nroff.m4 \ + $(top_srcdir)/m4/man-libseccomp.m4 \ $(top_srcdir)/m4/man-linguas.m4 $(top_srcdir)/m4/man-po4a.m4 \ $(top_srcdir)/m4/man-trans-subst.m4 \ $(top_srcdir)/gnulib/m4/00gnulib.m4 \ @@ -1489,6 +1490,8 @@ libdir = @libdir@ libexecdir = @libexecdir@ libpipeline_CFLAGS = @libpipeline_CFLAGS@ libpipeline_LIBS = @libpipeline_LIBS@ +libseccomp_CFLAGS = @libseccomp_CFLAGS@ +libseccomp_LIBS = @libseccomp_LIBS@ lispdir = @lispdir@ localedir = @localedir@ localstatedir = @localstatedir@ diff --git a/man/ja/Makefile.in b/man/ja/Makefile.in index 718a238c..a0bee9ec 100644 --- a/man/ja/Makefile.in +++ b/man/ja/Makefile.in @@ -105,6 +105,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/man-arg-automatic-create.m4 \ $(top_srcdir)/m4/man-compress-lib.m4 \ $(top_srcdir)/m4/man-gnu-nroff.m4 \ $(top_srcdir)/m4/man-heirloom-nroff.m4 \ + $(top_srcdir)/m4/man-libseccomp.m4 \ $(top_srcdir)/m4/man-linguas.m4 $(top_srcdir)/m4/man-po4a.m4 \ $(top_srcdir)/m4/man-trans-subst.m4 \ $(top_srcdir)/gnulib/m4/00gnulib.m4 \ @@ -1489,6 +1490,8 @@ libdir = @libdir@ libexecdir = @libexecdir@ libpipeline_CFLAGS = @libpipeline_CFLAGS@ libpipeline_LIBS = @libpipeline_LIBS@ +libseccomp_CFLAGS = @libseccomp_CFLAGS@ +libseccomp_LIBS = @libseccomp_LIBS@ lispdir = @lispdir@ localedir = @localedir@ localstatedir = @localstatedir@ diff --git a/man/nl/Makefile.in b/man/nl/Makefile.in index d6103562..5de60492 100644 --- a/man/nl/Makefile.in +++ b/man/nl/Makefile.in @@ -105,6 +105,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/man-arg-automatic-create.m4 \ $(top_srcdir)/m4/man-compress-lib.m4 \ $(top_srcdir)/m4/man-gnu-nroff.m4 \ $(top_srcdir)/m4/man-heirloom-nroff.m4 \ + $(top_srcdir)/m4/man-libseccomp.m4 \ $(top_srcdir)/m4/man-linguas.m4 $(top_srcdir)/m4/man-po4a.m4 \ $(top_srcdir)/m4/man-trans-subst.m4 \ $(top_srcdir)/gnulib/m4/00gnulib.m4 \ @@ -1489,6 +1490,8 @@ libdir = @libdir@ libexecdir = @libexecdir@ libpipeline_CFLAGS = @libpipeline_CFLAGS@ libpipeline_LIBS = @libpipeline_LIBS@ +libseccomp_CFLAGS = @libseccomp_CFLAGS@ +libseccomp_LIBS = @libseccomp_LIBS@ lispdir = @lispdir@ localedir = @localedir@ localstatedir = @localstatedir@ diff --git a/man/pl/Makefile.in b/man/pl/Makefile.in index 96360d83..30e96bb9 100644 --- a/man/pl/Makefile.in +++ b/man/pl/Makefile.in @@ -105,6 +105,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/man-arg-automatic-create.m4 \ $(top_srcdir)/m4/man-compress-lib.m4 \ $(top_srcdir)/m4/man-gnu-nroff.m4 \ $(top_srcdir)/m4/man-heirloom-nroff.m4 \ + $(top_srcdir)/m4/man-libseccomp.m4 \ $(top_srcdir)/m4/man-linguas.m4 $(top_srcdir)/m4/man-po4a.m4 \ $(top_srcdir)/m4/man-trans-subst.m4 \ $(top_srcdir)/gnulib/m4/00gnulib.m4 \ @@ -1489,6 +1490,8 @@ libdir = @libdir@ libexecdir = @libexecdir@ libpipeline_CFLAGS = @libpipeline_CFLAGS@ libpipeline_LIBS = @libpipeline_LIBS@ +libseccomp_CFLAGS = @libseccomp_CFLAGS@ +libseccomp_LIBS = @libseccomp_LIBS@ lispdir = @lispdir@ localedir = @localedir@ localstatedir = @localstatedir@ diff --git a/man/po4a/Makefile.in b/man/po4a/Makefile.in index a72e693c..9fe5b61e 100644 --- a/man/po4a/Makefile.in +++ b/man/po4a/Makefile.in @@ -105,6 +105,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/man-arg-automatic-create.m4 \ $(top_srcdir)/m4/man-compress-lib.m4 \ $(top_srcdir)/m4/man-gnu-nroff.m4 \ $(top_srcdir)/m4/man-heirloom-nroff.m4 \ + $(top_srcdir)/m4/man-libseccomp.m4 \ $(top_srcdir)/m4/man-linguas.m4 $(top_srcdir)/m4/man-po4a.m4 \ $(top_srcdir)/m4/man-trans-subst.m4 \ $(top_srcdir)/gnulib/m4/00gnulib.m4 \ @@ -1276,6 +1277,8 @@ libdir = @libdir@ libexecdir = @libexecdir@ libpipeline_CFLAGS = @libpipeline_CFLAGS@ libpipeline_LIBS = @libpipeline_LIBS@ +libseccomp_CFLAGS = @libseccomp_CFLAGS@ +libseccomp_LIBS = @libseccomp_LIBS@ lispdir = @lispdir@ localedir = @localedir@ localstatedir = @localstatedir@ diff --git a/man/pt_BR/Makefile.in b/man/pt_BR/Makefile.in index 0efdbfa6..b7652c5e 100644 --- a/man/pt_BR/Makefile.in +++ b/man/pt_BR/Makefile.in @@ -105,6 +105,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/man-arg-automatic-create.m4 \ $(top_srcdir)/m4/man-compress-lib.m4 \ $(top_srcdir)/m4/man-gnu-nroff.m4 \ $(top_srcdir)/m4/man-heirloom-nroff.m4 \ + $(top_srcdir)/m4/man-libseccomp.m4 \ $(top_srcdir)/m4/man-linguas.m4 $(top_srcdir)/m4/man-po4a.m4 \ $(top_srcdir)/m4/man-trans-subst.m4 \ $(top_srcdir)/gnulib/m4/00gnulib.m4 \ @@ -1489,6 +1490,8 @@ libdir = @libdir@ libexecdir = @libexecdir@ libpipeline_CFLAGS = @libpipeline_CFLAGS@ libpipeline_LIBS = @libpipeline_LIBS@ +libseccomp_CFLAGS = @libseccomp_CFLAGS@ +libseccomp_LIBS = @libseccomp_LIBS@ lispdir = @lispdir@ localedir = @localedir@ localstatedir = @localstatedir@ diff --git a/man/ru/Makefile.in b/man/ru/Makefile.in index 346048d6..f3b5629f 100644 --- a/man/ru/Makefile.in +++ b/man/ru/Makefile.in @@ -105,6 +105,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/man-arg-automatic-create.m4 \ $(top_srcdir)/m4/man-compress-lib.m4 \ $(top_srcdir)/m4/man-gnu-nroff.m4 \ $(top_srcdir)/m4/man-heirloom-nroff.m4 \ + $(top_srcdir)/m4/man-libseccomp.m4 \ $(top_srcdir)/m4/man-linguas.m4 $(top_srcdir)/m4/man-po4a.m4 \ $(top_srcdir)/m4/man-trans-subst.m4 \ $(top_srcdir)/gnulib/m4/00gnulib.m4 \ @@ -1489,6 +1490,8 @@ libdir = @libdir@ libexecdir = @libexecdir@ libpipeline_CFLAGS = @libpipeline_CFLAGS@ libpipeline_LIBS = @libpipeline_LIBS@ +libseccomp_CFLAGS = @libseccomp_CFLAGS@ +libseccomp_LIBS = @libseccomp_LIBS@ lispdir = @lispdir@ localedir = @localedir@ localstatedir = @localstatedir@ diff --git a/man/sr/Makefile.in b/man/sr/Makefile.in index 6a95acb8..d8ff324d 100644 --- a/man/sr/Makefile.in +++ b/man/sr/Makefile.in @@ -105,6 +105,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/man-arg-automatic-create.m4 \ $(top_srcdir)/m4/man-compress-lib.m4 \ $(top_srcdir)/m4/man-gnu-nroff.m4 \ $(top_srcdir)/m4/man-heirloom-nroff.m4 \ + $(top_srcdir)/m4/man-libseccomp.m4 \ $(top_srcdir)/m4/man-linguas.m4 $(top_srcdir)/m4/man-po4a.m4 \ $(top_srcdir)/m4/man-trans-subst.m4 \ $(top_srcdir)/gnulib/m4/00gnulib.m4 \ @@ -1489,6 +1490,8 @@ libdir = @libdir@ libexecdir = @libexecdir@ libpipeline_CFLAGS = @libpipeline_CFLAGS@ libpipeline_LIBS = @libpipeline_LIBS@ +libseccomp_CFLAGS = @libseccomp_CFLAGS@ +libseccomp_LIBS = @libseccomp_LIBS@ lispdir = @lispdir@ localedir = @localedir@ localstatedir = @localstatedir@ diff --git a/man/sv/Makefile.in b/man/sv/Makefile.in index ce8710ba..e9a10cd7 100644 --- a/man/sv/Makefile.in +++ b/man/sv/Makefile.in @@ -105,6 +105,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/man-arg-automatic-create.m4 \ $(top_srcdir)/m4/man-compress-lib.m4 \ $(top_srcdir)/m4/man-gnu-nroff.m4 \ $(top_srcdir)/m4/man-heirloom-nroff.m4 \ + $(top_srcdir)/m4/man-libseccomp.m4 \ $(top_srcdir)/m4/man-linguas.m4 $(top_srcdir)/m4/man-po4a.m4 \ $(top_srcdir)/m4/man-trans-subst.m4 \ $(top_srcdir)/gnulib/m4/00gnulib.m4 \ @@ -1489,6 +1490,8 @@ libdir = @libdir@ libexecdir = @libexecdir@ libpipeline_CFLAGS = @libpipeline_CFLAGS@ libpipeline_LIBS = @libpipeline_LIBS@ +libseccomp_CFLAGS = @libseccomp_CFLAGS@ +libseccomp_LIBS = @libseccomp_LIBS@ lispdir = @lispdir@ localedir = @localedir@ localstatedir = @localstatedir@ diff --git a/man/tr/Makefile.in b/man/tr/Makefile.in index 7f5ee8b4..2c709c29 100644 --- a/man/tr/Makefile.in +++ b/man/tr/Makefile.in @@ -105,6 +105,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/man-arg-automatic-create.m4 \ $(top_srcdir)/m4/man-compress-lib.m4 \ $(top_srcdir)/m4/man-gnu-nroff.m4 \ $(top_srcdir)/m4/man-heirloom-nroff.m4 \ + $(top_srcdir)/m4/man-libseccomp.m4 \ $(top_srcdir)/m4/man-linguas.m4 $(top_srcdir)/m4/man-po4a.m4 \ $(top_srcdir)/m4/man-trans-subst.m4 \ $(top_srcdir)/gnulib/m4/00gnulib.m4 \ @@ -1489,6 +1490,8 @@ libdir = @libdir@ libexecdir = @libexecdir@ libpipeline_CFLAGS = @libpipeline_CFLAGS@ libpipeline_LIBS = @libpipeline_LIBS@ +libseccomp_CFLAGS = @libseccomp_CFLAGS@ +libseccomp_LIBS = @libseccomp_LIBS@ lispdir = @lispdir@ localedir = @localedir@ localstatedir = @localstatedir@ diff --git a/man/zh_CN/Makefile.in b/man/zh_CN/Makefile.in index 1f7db07b..bba93722 100644 --- a/man/zh_CN/Makefile.in +++ b/man/zh_CN/Makefile.in @@ -105,6 +105,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/man-arg-automatic-create.m4 \ $(top_srcdir)/m4/man-compress-lib.m4 \ $(top_srcdir)/m4/man-gnu-nroff.m4 \ $(top_srcdir)/m4/man-heirloom-nroff.m4 \ + $(top_srcdir)/m4/man-libseccomp.m4 \ $(top_srcdir)/m4/man-linguas.m4 $(top_srcdir)/m4/man-po4a.m4 \ $(top_srcdir)/m4/man-trans-subst.m4 \ $(top_srcdir)/gnulib/m4/00gnulib.m4 \ @@ -1489,6 +1490,8 @@ libdir = @libdir@ libexecdir = @libexecdir@ libpipeline_CFLAGS = @libpipeline_CFLAGS@ libpipeline_LIBS = @libpipeline_LIBS@ +libseccomp_CFLAGS = @libseccomp_CFLAGS@ +libseccomp_LIBS = @libseccomp_LIBS@ lispdir = @lispdir@ localedir = @localedir@ localstatedir = @localstatedir@ diff --git a/manual/Makefile.in b/manual/Makefile.in index c8258301..63361385 100644 --- a/manual/Makefile.in +++ b/manual/Makefile.in @@ -106,6 +106,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/man-arg-automatic-create.m4 \ $(top_srcdir)/m4/man-compress-lib.m4 \ $(top_srcdir)/m4/man-gnu-nroff.m4 \ $(top_srcdir)/m4/man-heirloom-nroff.m4 \ + $(top_srcdir)/m4/man-libseccomp.m4 \ $(top_srcdir)/m4/man-linguas.m4 $(top_srcdir)/m4/man-po4a.m4 \ $(top_srcdir)/m4/man-trans-subst.m4 \ $(top_srcdir)/gnulib/m4/00gnulib.m4 \ @@ -1279,6 +1280,8 @@ libdir = @libdir@ libexecdir = @libexecdir@ libpipeline_CFLAGS = @libpipeline_CFLAGS@ libpipeline_LIBS = @libpipeline_LIBS@ +libseccomp_CFLAGS = @libseccomp_CFLAGS@ +libseccomp_LIBS = @libseccomp_LIBS@ lispdir = @lispdir@ localedir = @localedir@ localstatedir = @localstatedir@ diff --git a/src/Makefile.in b/src/Makefile.in index 3b6eea6a..5ab90d47 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -112,6 +112,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/man-arg-automatic-create.m4 \ $(top_srcdir)/m4/man-compress-lib.m4 \ $(top_srcdir)/m4/man-gnu-nroff.m4 \ $(top_srcdir)/m4/man-heirloom-nroff.m4 \ + $(top_srcdir)/m4/man-libseccomp.m4 \ $(top_srcdir)/m4/man-linguas.m4 $(top_srcdir)/m4/man-po4a.m4 \ $(top_srcdir)/m4/man-trans-subst.m4 \ $(top_srcdir)/gnulib/m4/00gnulib.m4 \ @@ -1443,6 +1444,8 @@ libdir = @libdir@ libexecdir = @libexecdir@ libpipeline_CFLAGS = @libpipeline_CFLAGS@ libpipeline_LIBS = @libpipeline_LIBS@ +libseccomp_CFLAGS = @libseccomp_CFLAGS@ +libseccomp_LIBS = @libseccomp_LIBS@ lispdir = @lispdir@ localedir = @localedir@ localstatedir = @localstatedir@ diff --git a/src/accessdb.c b/src/accessdb.c index 75a5c019..7320b785 100644 --- a/src/accessdb.c +++ b/src/accessdb.c @@ -43,11 +43,13 @@ #include "manconfig.h" #include "error.h" +#include "sandbox.h" #include "mydbm.h" char *program_name; const char *cat_root; +man_sandbox *sandbox; /* unused, but needed by libman */ /* for db_storage.c */ char *database; diff --git a/src/catman.c b/src/catman.c index 5c665b86..dd3211f6 100644 --- a/src/catman.c +++ b/src/catman.c @@ -73,6 +73,7 @@ #include "cleanup.h" #include "error.h" #include "pipeline.h" +#include "sandbox.h" #include "mydbm.h" #include "db_storage.h" @@ -86,6 +87,8 @@ MYDBM_FILE dbf_close_post_fork; char *manp; extern char *user_config_file; char *database; +man_sandbox *sandbox; /* unused, but needed by libman */ + static const char **sections; const char *argp_program_version = "catman " PACKAGE_VERSION; diff --git a/src/globbing_test.c b/src/globbing_test.c index 31f8ffb4..27c6b446 100644 --- a/src/globbing_test.c +++ b/src/globbing_test.c @@ -39,8 +39,10 @@ #include "error.h" #include "globbing.h" +#include "sandbox.h" char *program_name; +man_sandbox *sandbox; /* unused, but needed by libman */ extern const char *extension; static int match_case = 0; diff --git a/src/lexgrog.l b/src/lexgrog.l index 4e045539..e122d902 100644 --- a/src/lexgrog.l +++ b/src/lexgrog.l @@ -51,6 +51,7 @@ #include "decompress.h" #include "security.h" #include "encodings.h" +#include "sandbox.h" #include "manconv_client.h" @@ -59,6 +60,8 @@ #define ARRAY_SIZE(array) (sizeof (array) / sizeof ((array)[0])) +extern man_sandbox *sandbox; + struct macro { const char *name; const char *value; @@ -830,8 +833,12 @@ int find_name (const char *file, const char *filename, lexgrog *p_lg, if (page_encoding) add_manconv (p, page_encoding, "UTF-8"); free (page_encoding); - if (p_lg->type && *COL) - pipeline_command_args (p, COL, "-b", "-p", "-x", NULL); + if (p_lg->type && *COL) { + pipecmd *col_cmd; + col_cmd = pipecmd_new_args (COL, "-b", "-p", "-x", NULL); + sandbox_attach (sandbox, col_cmd); + pipeline_command (p, col_cmd); + } pipeline_start (p); ret = find_name_decompressed (p, filename, p_lg); diff --git a/src/lexgrog_test.c b/src/lexgrog_test.c index 5a6d1fec..5ff40472 100644 --- a/src/lexgrog_test.c +++ b/src/lexgrog_test.c @@ -44,6 +44,7 @@ #include "cleanup.h" #include "error.h" #include "pipeline.h" +#include "sandbox.h" #include "security.h" #include "descriptions.h" @@ -51,6 +52,7 @@ char *program_name; int quiet = 1; +man_sandbox *sandbox; static int parse_man = 0, parse_cat = 0, show_whatis = 0, show_filters = 0; static const char *encoding = NULL; @@ -138,6 +140,7 @@ int main (int argc, char **argv) init_debug (); pipeline_install_post_fork (pop_all_cleanups); + sandbox = sandbox_init (); init_locale (); if (argp_parse (&argp, argc, argv, 0, 0, 0)) @@ -97,6 +97,7 @@ int have_cwd; #include "security.h" #include "encodings.h" #include "orderfiles.h" +#include "sandbox.h" #include "mydbm.h" #include "db_storage.h" @@ -194,6 +195,7 @@ extern const char *extension; /* for globbing.c */ extern char *user_config_file; /* defined in manp.c */ extern int disable_cache; extern int min_cat_width, max_cat_width, cat_width; +man_sandbox *sandbox; /* locals */ static const char *alt_system_name; @@ -656,10 +658,11 @@ static void check_standard_fds (void) static struct termios tms; static int tms_set = 0; +static pid_t tms_pid = 0; static void set_term (void) { - if (tms_set) + if (tms_set && getpid () == tms_pid) tcsetattr (STDIN_FILENO, TCSANOW, &tms); } @@ -668,8 +671,18 @@ static void get_term (void) if (isatty (STDOUT_FILENO)) { debug ("is a tty\n"); tcgetattr (STDIN_FILENO, &tms); - if (!tms_set++) + if (!tms_set++) { + /* Work around pipecmd_exec calling exit(3) rather + * than _exit(2), which means our atexit-registered + * functions are called at the end of each child + * process created using pipecmd_new_function and + * friends. It would probably be good to fix this + * in libpipeline at some point, but it would + * require care to avoid breaking compatibility. + */ + tms_pid = getpid (); atexit (set_term); + } } } @@ -1095,6 +1108,7 @@ static void add_col (pipeline *p, const char *locale_charset, ...) va_start (argv, locale_charset); pipecmd_argv (cmd, argv); va_end (argv); + sandbox_attach (sandbox, cmd); if (locale_charset) col_locale = find_charset_locale (locale_charset); @@ -1177,6 +1191,7 @@ static pipeline *make_roff_command (const char *dir, const char *file, cmd = pipecmd_new_function (ZSOELIM, &zsoelim_stdin, zsoelim_stdin_data_free, zsoelim_data); + sandbox_attach (sandbox, cmd); pipeline_command (p, cmd); } @@ -1244,9 +1259,12 @@ static pipeline *make_roff_command (const char *dir, const char *file, if (recode) add_manconv (p, page_encoding, recode); else if (groff_preconv) { + pipecmd *preconv_cmd; add_manconv (p, page_encoding, "UTF-8"); - pipeline_command_args - (p, groff_preconv, "-e", "UTF-8", NULL); + preconv_cmd = pipecmd_new_args + (groff_preconv, "-e", "UTF-8", NULL); + sandbox_attach (sandbox, preconv_cmd); + pipeline_command (p, preconv_cmd); } else if (roff_encoding) add_manconv (p, page_encoding, roff_encoding); else @@ -1405,6 +1423,7 @@ static pipeline *make_roff_command (const char *dir, const char *file, pipecmd_arg (cmd, "-P-g"); } + sandbox_attach_permissive (sandbox, cmd); pipeline_command (p, cmd); if (*pp_string == ' ' || *pp_string == '-') @@ -1541,9 +1560,12 @@ static void add_output_iconv (pipeline *p, debug ("add_output_iconv: source %s, target %s\n", source, target); if (source && target && !STREQ (source, target)) { char *target_translit = xasprintf ("%s//TRANSLIT", target); - pipeline_command_args (p, "iconv", "-c", - "-f", source, "-t", target_translit, - NULL); + pipecmd *iconv_cmd; + iconv_cmd = pipecmd_new_args + ("iconv", "-c", "-f", source, "-t", target_translit, + NULL); + sandbox_attach (sandbox, iconv_cmd); + pipeline_command (p, iconv_cmd); free (target_translit); } } @@ -1631,8 +1653,11 @@ static pipeline *make_display_command (const char *encoding, const char *title) if (isatty (STDOUT_FILENO)) { if (ascii) { - pipeline_command_argstr - (p, get_def_user ("tr", TR TR_SET1 TR_SET2)); + pipecmd *tr_cmd; + tr_cmd = pipecmd_new_argstr + (get_def_user ("tr", TR TR_SET1 TR_SET2)); + sandbox_attach (sandbox, tr_cmd); + pipeline_command (p, tr_cmd); pager_cmd = pipecmd_new_argstr (pager); } else #ifdef TROFF_IS_GROFF @@ -1820,6 +1845,7 @@ static pipeline *open_cat_stream (const char *cat_file, const char *encoding) /* fork the compressor */ comp_cmd = pipecmd_new_argstr (get_def ("compressor", COMPRESSOR)); pipecmd_nice (comp_cmd, 10); + sandbox_attach (sandbox, comp_cmd); pipeline_command (cat_p, comp_cmd); # endif /* pipeline_start will close tmp_cat_fd */ @@ -2027,13 +2053,17 @@ static void display_catman (const char *cat_file, pipeline *decomp, pipeline *format_cmd, const char *encoding) { char *tmpcat = tmp_cat_filename (cat_file); +#ifdef COMP_CAT + pipecmd *comp_cmd; +#endif /* COMP_CAT */ int status; add_output_iconv (format_cmd, encoding, "UTF-8"); #ifdef COMP_CAT - pipeline_command_argstr (format_cmd, - get_def ("compressor", COMPRESSOR)); + comp_cmd = pipecmd_new_argstr (get_def ("compressor", COMPRESSOR)); + sandbox_attach (sandbox, comp_cmd); + pipeline_command (format_cmd, comp_cmd); #endif /* COMP_CAT */ maybe_discard_stderr (format_cmd); @@ -4002,6 +4032,7 @@ int main (int argc, char *argv[]) init_debug (); pipeline_install_post_fork (pop_all_cleanups); + sandbox = sandbox_init (); umask (022); init_locale (); diff --git a/src/manconv_client.c b/src/manconv_client.c index 5a8439e0..7ff0c8bf 100644 --- a/src/manconv_client.c +++ b/src/manconv_client.c @@ -34,6 +34,7 @@ #include "pipeline.h" #include "decompress.h" +#include "sandbox.h" #ifdef MAN_OWNER # include "idpriv.h" @@ -43,6 +44,8 @@ #include "manconv.h" #include "manconv_client.h" +extern man_sandbox *sandbox; + struct manconv_codes { char **from; char *to; @@ -139,5 +142,6 @@ void add_manconv (pipeline *p, const char *source, const char *target) cmd = pipecmd_new_function (name, &manconv_stdin, &free_manconv_codes, codes); free (name); + sandbox_attach (sandbox, cmd); pipeline_command (p, cmd); } diff --git a/src/manconv_main.c b/src/manconv_main.c index 166a2b84..268800b5 100644 --- a/src/manconv_main.c +++ b/src/manconv_main.c @@ -41,11 +41,13 @@ #include "error.h" #include "pipeline.h" #include "decompress.h" +#include "sandbox.h" #include "manconv.h" char *program_name; int quiet = 0; +man_sandbox *sandbox; static const char *from_codes; static char *to_code; @@ -154,6 +156,7 @@ int main (int argc, char *argv[]) init_debug (); pipeline_install_post_fork (pop_all_cleanups); + sandbox = sandbox_init (); init_locale (); if (argp_parse (&argp, argc, argv, 0, 0, 0)) diff --git a/src/mandb.c b/src/mandb.c index ec4f19f5..5728e3f8 100644 --- a/src/mandb.c +++ b/src/mandb.c @@ -64,6 +64,7 @@ #include "cleanup.h" #include "hashtable.h" #include "pipeline.h" +#include "sandbox.h" #include "security.h" #include "mydbm.h" @@ -84,6 +85,8 @@ extern char *user_config_file; /* for manp.c */ #ifdef MAN_OWNER struct passwd *man_owner; #endif +man_sandbox *sandbox; + static int purged = 0; static int strays = 0; @@ -783,6 +786,7 @@ int main (int argc, char *argv[]) init_debug (); pipeline_install_post_fork (pop_all_cleanups); + sandbox = sandbox_init (); init_locale (); #ifdef SIGPIPE diff --git a/src/manpath.c b/src/manpath.c index d4579d3a..5d29fbb4 100644 --- a/src/manpath.c +++ b/src/manpath.c @@ -44,11 +44,13 @@ #include "manconfig.h" #include "error.h" +#include "sandbox.h" #include "manp.h" char *program_name; int quiet = 0; +man_sandbox *sandbox; /* unused, but needed by libman */ static int cat = 0; static int global = 0; diff --git a/src/straycats.c b/src/straycats.c index d3f89b74..4fbd451a 100644 --- a/src/straycats.c +++ b/src/straycats.c @@ -51,6 +51,7 @@ #include "decompress.h" #include "encodings.h" #include "orderfiles.h" +#include "sandbox.h" #include "security.h" #include "mydbm.h" @@ -61,6 +62,8 @@ #include "manconv_client.h" #include "ult_src.h" +extern man_sandbox *sandbox; + static char *catdir, *mandir; static int check_for_stray (MYDBM_FILE dbf) @@ -238,6 +241,7 @@ static int check_for_stray (MYDBM_FILE dbf) col_locale); free (col_locale); } + sandbox_attach (sandbox, col_cmd); pipeline_command (decomp, col_cmd); fullpath = canonicalize_file_name (catdir); diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in index 82510e31..c5208a61 100644 --- a/src/tests/Makefile.in +++ b/src/tests/Makefile.in @@ -106,6 +106,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/man-arg-automatic-create.m4 \ $(top_srcdir)/m4/man-compress-lib.m4 \ $(top_srcdir)/m4/man-gnu-nroff.m4 \ $(top_srcdir)/m4/man-heirloom-nroff.m4 \ + $(top_srcdir)/m4/man-libseccomp.m4 \ $(top_srcdir)/m4/man-linguas.m4 $(top_srcdir)/m4/man-po4a.m4 \ $(top_srcdir)/m4/man-trans-subst.m4 \ $(top_srcdir)/gnulib/m4/00gnulib.m4 \ @@ -1533,6 +1534,8 @@ libdir = @libdir@ libexecdir = @libexecdir@ libpipeline_CFLAGS = @libpipeline_CFLAGS@ libpipeline_LIBS = @libpipeline_LIBS@ +libseccomp_CFLAGS = @libseccomp_CFLAGS@ +libseccomp_LIBS = @libseccomp_LIBS@ lispdir = @lispdir@ localedir = @localedir@ localstatedir = @localstatedir@ diff --git a/src/whatis.c b/src/whatis.c index 4cf14a5b..9f77465b 100644 --- a/src/whatis.c +++ b/src/whatis.c @@ -71,6 +71,7 @@ #include "wordfnmatch.h" #include "xregcomp.h" #include "encodings.h" +#include "sandbox.h" #include "mydbm.h" #include "db_storage.h" @@ -87,6 +88,7 @@ char *program_name; int am_apropos; char *database; int quiet = 1; +man_sandbox *sandbox; #ifdef HAVE_ICONV iconv_t conv_to_locale; @@ -339,6 +341,7 @@ static void use_grep (const char * const *pages, int num_pages, char *manpath, pipecmd_argstr (grep_cmd, flags); pipecmd_args (grep_cmd, anchored_page, whatis_file, NULL); + sandbox_attach (sandbox, grep_cmd); grep_pl = pipeline_new_commands (grep_cmd, NULL); if (pipeline_run (grep_pl) == 0) @@ -902,6 +905,7 @@ int main (int argc, char *argv[]) init_debug (); pipeline_install_post_fork (pop_all_cleanups); + sandbox = sandbox_init (); init_locale (); internal_locale = setlocale (LC_MESSAGES, NULL); diff --git a/src/zsoelim_main.c b/src/zsoelim_main.c index bf07a87b..c036e1a4 100644 --- a/src/zsoelim_main.c +++ b/src/zsoelim_main.c @@ -44,12 +44,14 @@ #include "error.h" #include "pipeline.h" #include "decompress.h" +#include "sandbox.h" #include "manp.h" #include "zsoelim.h" char *program_name; int quiet = 1; +man_sandbox *sandbox; static char *manpathlist[MAXDIRS]; @@ -108,6 +110,7 @@ int main (int argc, char *argv[]) init_debug (); pipeline_install_post_fork (pop_all_cleanups); + sandbox = sandbox_init (); init_locale (); internal_locale = setlocale (LC_MESSAGES, NULL); diff --git a/tools/Makefile.in b/tools/Makefile.in index 51d85980..f29f1b07 100644 --- a/tools/Makefile.in +++ b/tools/Makefile.in @@ -107,6 +107,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/man-arg-automatic-create.m4 \ $(top_srcdir)/m4/man-compress-lib.m4 \ $(top_srcdir)/m4/man-gnu-nroff.m4 \ $(top_srcdir)/m4/man-heirloom-nroff.m4 \ + $(top_srcdir)/m4/man-libseccomp.m4 \ $(top_srcdir)/m4/man-linguas.m4 $(top_srcdir)/m4/man-po4a.m4 \ $(top_srcdir)/m4/man-trans-subst.m4 \ $(top_srcdir)/gnulib/m4/00gnulib.m4 \ @@ -1281,6 +1282,8 @@ libdir = @libdir@ libexecdir = @libexecdir@ libpipeline_CFLAGS = @libpipeline_CFLAGS@ libpipeline_LIBS = @libpipeline_LIBS@ +libseccomp_CFLAGS = @libseccomp_CFLAGS@ +libseccomp_LIBS = @libseccomp_LIBS@ lispdir = @lispdir@ localedir = @localedir@ localstatedir = @localstatedir@ |