[tcpdump-workers] Fix FreeBSD capsicum build on FreeBSD 10.1
Hi guys, Support for FreeBSD capsicum doesn't work on FreeBSD 10.1, due to cap_rights_init which returns a struct, instead of an int. I think that we should follow OpenSSH and not test cap_rights_init. Would it also be possible to add this to the next 4.6.x release as a bugfix ? Kind regards, //Logan C-x-C-c Below is a proposed diff: diff --git a/configure.in b/configure.in index d0e90dd..ecfee64 100644 --- a/configure.in +++ b/configure.in @@ -208,7 +208,7 @@ AC_ARG_WITH(sandbox-capsicum, # All of them must be available in order to enable capsicum sandboxing. # if test ! -z "$with_sandbox-capsicum" && test "$with_sandbox-capsicum" != "no" ; then - AC_CHECK_FUNCS(cap_enter cap_rights_init cap_rights_limit cap_ioctls_limit openat, + AC_CHECK_FUNCS(cap_enter cap_rights_limit cap_ioctls_limit openat, ac_lbl_capsicum_function_seen=yes, ac_lbl_capsicum_function_not_seen=yes) fi ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] Fix FreeBSD capsicum build on FreeBSD 10.1
On Dec 6, 2014, at 6:51 AM, Loganaden Velvindron wrote: > Support for FreeBSD capsicum doesn't work on FreeBSD 10.1, due to > cap_rights_init which returns a struct, instead of an int. Did its return value change in FreeBSD 10? (Presumably it didn't change between 10 and 10.1.) > I think that we should follow OpenSSH and not test cap_rights_init. If there are no systems that offer Capsicum but that don't have cap_rights_init(), there's no need to check for it. The comment there is # # Check whether various functions are available. If any are, set # ac_lbl_capsicum_function_seen to yes; if any are not, set # ac_lbl_capsicum_function_not_seen to yes. # # All of them must be available in order to enable capsicum sandboxing. # but, if there aren't any systems that have some but not all, testing for all of them is overkill. However, AC_CHECK_FUNCS is intended not to care what type a function returns - unless a header is included that declares a function, it gets declared within the test program as returning char, so the compiler shouldn't choke on returning its value from main(). Is this failing due to the *linker* rejecting it because of mismatched function signatures? ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] Fix FreeBSD capsicum build on FreeBSD 10.1
On Sat, Dec 06, 2014 at 12:40:57PM -0800, Guy Harris wrote:
>
> On Dec 6, 2014, at 6:51 AM, Loganaden Velvindron wrote:
>
> > Support for FreeBSD capsicum doesn't work on FreeBSD 10.1, due to
> > cap_rights_init which returns a struct, instead of an int.
>
> Did its return value change in FreeBSD 10? (Presumably it didn't change
> between 10 and 10.1.)
>
No it didn't.
> > I think that we should follow OpenSSH and not test cap_rights_init.
>
> If there are no systems that offer Capsicum but that don't have
> cap_rights_init(), there's no need to check for it.
Agreed.
>
> The comment there is
>
> #
> # Check whether various functions are available. If any are, set
> # ac_lbl_capsicum_function_seen to yes; if any are not, set
> # ac_lbl_capsicum_function_not_seen to yes.
> #
> # All of them must be available in order to enable capsicum sandboxing.
> #
>
> but, if there aren't any systems that have some but not all, testing for all
> of them is overkill.
>
> However, AC_CHECK_FUNCS is intended not to care what type a function returns
> - unless a header is included that declares a function, it gets declared
> within the test program as returning char, so the compiler shouldn't choke on
> returning its value from main(). Is this failing due to the *linker*
> rejecting it because of mismatched function signatures?
>
Here's the config.log output:
configure:4540: checking for cap_rights_init
configure:4540: cc -o conftest -g -O2 conftest.c >&5
/tmp/conftest-942ee0.o: In function `main':
/root/tcpdump/tcpdump-4.6.2/conftest.c:66: undefined reference to `cap_rights_in
it'
cc: error: linker command failed with exit code 1 (use -v to see invocation)
configure:4540: $? = 1
configure: failed program was:
| /* Define cap_rights_init to an innocuous variant, in case declares
cap_rights_init.
|For example, HP-UX 11i declares gettimeofday. */
| #define cap_rights_init innocuous_cap_rights_init
|
| /* System header to define __stub macros and hopefully few prototypes,
| which can conflict with char cap_rights_init (); below.
| Prefer to if __STDC__ is defined, since
| exists even on freestanding compilers. */
|
| #ifdef __STDC__
| # include
| #else
| # include
| #endif
|
| #undef cap_rights_init
| /* Override any GCC internal prototype to avoid an error.
|Use char because int might match the return type of a GCC
|builtin and then its argument prototype would still apply. */
| #ifdef __cplusplus
| extern "C"
| #endif
| char cap_rights_init ();
| /* The GNU C library defines this for functions which it implements
| to always fail with ENOSYS. Some functions are actually named
| something starting with __ and the normal name is an alias. */
| #if defined __stub_cap_rights_init || defined __stub___cap_rights_init
| choke me
| #endif
|
| int
| main ()
| {
| return cap_rights_init ();
| ;
| return 0;
| }
configure:4540: result: no
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] Fix FreeBSD capsicum build on FreeBSD 10.1
On Dec 6, 2014, at 9:19 PM, Loganaden Velvindron wrote: > Here's the config.log output: > > configure:4540: checking for cap_rights_init > configure:4540: cc -o conftest -g -O2 conftest.c >&5 > /tmp/conftest-942ee0.o: In function `main': > /root/tcpdump/tcpdump-4.6.2/conftest.c:66: undefined reference to > `cap_rights_init' > cc: error: linker command failed with exit code 1 (use -v to see invocation) So, in FreeBSD 10.1, is cap_rights_init() a function in libc, or is it a macro that calls a function with a different name? The linker seems to be indicating that it's not present in the standard library. ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] Fix FreeBSD capsicum build on FreeBSD 10.1
On Sat, Dec 06, 2014 at 11:41:51PM -0800, Guy Harris wrote: > > On Dec 6, 2014, at 9:19 PM, Loganaden Velvindron wrote: > > > Here's the config.log output: > > > > configure:4540: checking for cap_rights_init > > configure:4540: cc -o conftest -g -O2 conftest.c >&5 > > /tmp/conftest-942ee0.o: In function `main': > > /root/tcpdump/tcpdump-4.6.2/conftest.c:66: undefined reference to > > `cap_rights_init' > > cc: error: linker command failed with exit code 1 (use -v to see invocation) > > So, in FreeBSD 10.1, is cap_rights_init() a function in libc, or is it a > macro that calls a function with a different name? The linker seems to be > indicating that it's not present in the standard library. According to the man page, it's part of the standard libc: CAP_RIGHTS_INIT(3) FreeBSD Library Functions Manual CAP_RIGHTS_INIT(3) NAME cap_rights_init, cap_rights_set, cap_rights_clear, cap_rights_is_set, cap_rights_is_valid, cap_rights_merge, cap_rights_remove, cap_rights_contains -- manage cap_rights_t structure LIBRARY Standard C Library (libc, -lc) > > ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
