From: Darren Tucker <dtucker@dtucker.net>
Date: Fri, 19 Nov 2021 05:01:51 +0000 (+1100)
Subject: Don't auto-enable Capsicum sandbox on FreeBSD 9/10.
X-Git-Tag: V_8_9_P1~171
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=04b172da5b96a51b0d55c905b423ababff9f4e0b;p=thirdparty%2Fopenssh-portable.git

Don't auto-enable Capsicum sandbox on FreeBSD 9/10.

Since we changed from select() to ppoll() tests have been failing.
This seems to be because FreeBSD 10 (and presumably 9) do not allow
ppoll() in the privsep process and sshd will fail with "Not permitted in
capability mode".  Setting CAP_EVENT on the FDs doesn't help, but weirdly,
poll() works without that.  Those versions are EOL so this situation is
unlikely to change.
---

diff --git a/configure.ac b/configure.ac
index a159d9f07..ddb6c5b11 100644
--- a/configure.ac
+++ b/configure.ac
@@ -994,6 +994,11 @@ mips-sony-bsd|mips-sony-newsos4)
 	# and will crash if they cannot be opened.
 	AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1],
 	    [define if setrlimit RLIMIT_NOFILE breaks things])
+	case "$host" in
+	*-*-freebsd9.*|*-*-freebsd10.*)
+		# Capsicum on 9 and 10 do not allow ppoll() so don't auto-enable.
+		disable_capsicum=yes
+	esac
 	;;
 *-*-bsdi*)
 	AC_DEFINE([SETEUID_BREAKS_SETUID])
@@ -3654,6 +3659,7 @@ elif test "x$sandbox_arg" = "xseccomp_filter" || \
 	AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
 elif test "x$sandbox_arg" = "xcapsicum" || \
      ( test -z "$sandbox_arg" && \
+       test "x$disable_capsicum" != "xyes" && \
        test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \
        test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then
        test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \