mirror of https://git.tukaani.org/xz.git
CMake: Move the sandbox code out of the liblzma section
Sandboxing is for the command line tools, not liblzma. No functional changes.
This commit is contained in:
parent
75ce4797d4
commit
94d062dbac
214
CMakeLists.txt
214
CMakeLists.txt
|
@ -1065,113 +1065,6 @@ if(XZ_LZIP_DECODER)
|
|||
)
|
||||
endif()
|
||||
|
||||
|
||||
##############
|
||||
# Sandboxing #
|
||||
##############
|
||||
|
||||
# auto Use sandboxing if a supported method is available in the OS.
|
||||
# no Disable sandboxing.
|
||||
# capsicum Require Capsicum (FreeBSD >= 10.2) and fail if not found.
|
||||
# pledge Require pledge(2) (OpenBSD >= 5.9) and fail if not found.
|
||||
# landlock Require Landlock (Linux >= 5.13) and fail if not found.
|
||||
set(SUPPORTED_SANDBOX_METHODS auto no capsicum pledge landlock)
|
||||
|
||||
set(XZ_SANDBOX auto CACHE STRING
|
||||
"Sandboxing method to use in 'xz', 'xzdec', and 'lzmadec'")
|
||||
|
||||
set_property(CACHE XZ_SANDBOX PROPERTY STRINGS "${SUPPORTED_SANDBOX_METHODS}")
|
||||
|
||||
if(NOT XZ_SANDBOX IN_LIST SUPPORTED_SANDBOX_METHODS)
|
||||
message(FATAL_ERROR "'${XZ_SANDBOX}' is not a supported "
|
||||
"sandboxing method")
|
||||
endif()
|
||||
|
||||
# When autodetecting, the search order is fixed and we must not find
|
||||
# more than one method.
|
||||
if(XZ_SANDBOX STREQUAL "no")
|
||||
set(SANDBOX_FOUND ON)
|
||||
else()
|
||||
set(SANDBOX_FOUND OFF)
|
||||
endif()
|
||||
|
||||
# Since xz and xzdec can both use sandboxing, the compile definition needed
|
||||
# to use the sandbox must be added to both targets.
|
||||
set(SANDBOX_COMPILE_DEFINITION OFF)
|
||||
|
||||
# Sandboxing: Capsicum
|
||||
if(NOT SANDBOX_FOUND AND XZ_SANDBOX MATCHES "^auto$|^capsicum$")
|
||||
check_symbol_exists(cap_rights_limit sys/capsicum.h
|
||||
HAVE_CAP_RIGHTS_LIMIT)
|
||||
if(HAVE_CAP_RIGHTS_LIMIT)
|
||||
set(SANDBOX_COMPILE_DEFINITION "HAVE_CAP_RIGHTS_LIMIT")
|
||||
set(SANDBOX_FOUND ON)
|
||||
endif()
|
||||
endif()
|
||||
|
||||
# Sandboxing: pledge(2)
|
||||
if(NOT SANDBOX_FOUND AND XZ_SANDBOX MATCHES "^auto$|^pledge$")
|
||||
check_symbol_exists(pledge unistd.h HAVE_PLEDGE)
|
||||
if(HAVE_PLEDGE)
|
||||
set(SANDBOX_COMPILE_DEFINITION "HAVE_PLEDGE")
|
||||
set(SANDBOX_FOUND ON)
|
||||
endif()
|
||||
endif()
|
||||
|
||||
# Sandboxing: Landlock
|
||||
if(NOT SANDBOX_FOUND AND XZ_SANDBOX MATCHES "^auto$|^landlock$")
|
||||
# A compile check is done here because some systems have
|
||||
# linux/landlock.h, but do not have the syscalls defined
|
||||
# in order to actually use Linux Landlock.
|
||||
check_c_source_compiles("
|
||||
#include <linux/landlock.h>
|
||||
#include <sys/syscall.h>
|
||||
#include <sys/prctl.h>
|
||||
|
||||
void my_sandbox(void)
|
||||
{
|
||||
(void)prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
|
||||
(void)SYS_landlock_create_ruleset;
|
||||
(void)SYS_landlock_restrict_self;
|
||||
(void)LANDLOCK_CREATE_RULESET_VERSION;
|
||||
return;
|
||||
}
|
||||
|
||||
int main(void) { return 0; }
|
||||
"
|
||||
HAVE_LINUX_LANDLOCK)
|
||||
|
||||
if(HAVE_LINUX_LANDLOCK)
|
||||
set(SANDBOX_COMPILE_DEFINITION "HAVE_LINUX_LANDLOCK")
|
||||
set(SANDBOX_FOUND ON)
|
||||
|
||||
# Of our three sandbox methods, only Landlock is incompatible
|
||||
# with -fsanitize. FreeBSD 13.2 with Capsicum was tested with
|
||||
# -fsanitize=address,undefined and had no issues. OpenBSD (as
|
||||
# of version 7.4) has minimal support for process instrumentation.
|
||||
# OpenBSD does not distribute the additional libraries needed
|
||||
# (libasan, libubsan, etc.) with GCC or Clang needed for runtime
|
||||
# sanitization support and instead only support
|
||||
# -fsanitize-minimal-runtime for minimal undefined behavior
|
||||
# sanitization. This minimal support is compatible with our use
|
||||
# of the Pledge sandbox. So only Landlock will result in a
|
||||
# build that cannot compress or decompress a single file to
|
||||
# standard out.
|
||||
if(CMAKE_C_FLAGS MATCHES "-fsanitize=")
|
||||
message(SEND_ERROR
|
||||
"CMAKE_C_FLAGS or the environment variable CFLAGS "
|
||||
"contains '-fsanitize=' which is incompatible "
|
||||
"with Landlock sandboxing. Use -DXZ_SANDBOX=no "
|
||||
"as an argument to 'cmake' when using '-fsanitize'.")
|
||||
endif()
|
||||
endif()
|
||||
endif()
|
||||
|
||||
if(NOT SANDBOX_FOUND AND NOT XZ_SANDBOX MATCHES "^auto$|^no$")
|
||||
message(SEND_ERROR "XZ_SANDBOX=${XZ_SANDBOX} was used but "
|
||||
"support for the sandboxing method wasn't found.")
|
||||
endif()
|
||||
|
||||
###
|
||||
|
||||
# Put the tuklib functions under the lzma_ namespace.
|
||||
|
@ -1701,6 +1594,113 @@ if(NOT HAVE_GETOPT_LONG)
|
|||
endif()
|
||||
|
||||
|
||||
#############################################################################
|
||||
# Sandboxing for the command line tools
|
||||
#############################################################################
|
||||
|
||||
# auto Use sandboxing if a supported method is available in the OS.
|
||||
# no Disable sandboxing.
|
||||
# capsicum Require Capsicum (FreeBSD >= 10.2) and fail if not found.
|
||||
# pledge Require pledge(2) (OpenBSD >= 5.9) and fail if not found.
|
||||
# landlock Require Landlock (Linux >= 5.13) and fail if not found.
|
||||
set(SUPPORTED_SANDBOX_METHODS auto no capsicum pledge landlock)
|
||||
|
||||
set(XZ_SANDBOX auto CACHE STRING
|
||||
"Sandboxing method to use in 'xz', 'xzdec', and 'lzmadec'")
|
||||
|
||||
set_property(CACHE XZ_SANDBOX PROPERTY STRINGS "${SUPPORTED_SANDBOX_METHODS}")
|
||||
|
||||
if(NOT XZ_SANDBOX IN_LIST SUPPORTED_SANDBOX_METHODS)
|
||||
message(FATAL_ERROR "'${XZ_SANDBOX}' is not a supported "
|
||||
"sandboxing method")
|
||||
endif()
|
||||
|
||||
# When autodetecting, the search order is fixed and we must not find
|
||||
# more than one method.
|
||||
if(XZ_SANDBOX STREQUAL "no")
|
||||
set(SANDBOX_FOUND ON)
|
||||
else()
|
||||
set(SANDBOX_FOUND OFF)
|
||||
endif()
|
||||
|
||||
# Since xz and xzdec can both use sandboxing, the compile definition needed
|
||||
# to use the sandbox must be added to both targets.
|
||||
set(SANDBOX_COMPILE_DEFINITION OFF)
|
||||
|
||||
# Sandboxing: Capsicum
|
||||
if(NOT SANDBOX_FOUND AND XZ_SANDBOX MATCHES "^auto$|^capsicum$")
|
||||
check_symbol_exists(cap_rights_limit sys/capsicum.h
|
||||
HAVE_CAP_RIGHTS_LIMIT)
|
||||
if(HAVE_CAP_RIGHTS_LIMIT)
|
||||
set(SANDBOX_COMPILE_DEFINITION "HAVE_CAP_RIGHTS_LIMIT")
|
||||
set(SANDBOX_FOUND ON)
|
||||
endif()
|
||||
endif()
|
||||
|
||||
# Sandboxing: pledge(2)
|
||||
if(NOT SANDBOX_FOUND AND XZ_SANDBOX MATCHES "^auto$|^pledge$")
|
||||
check_symbol_exists(pledge unistd.h HAVE_PLEDGE)
|
||||
if(HAVE_PLEDGE)
|
||||
set(SANDBOX_COMPILE_DEFINITION "HAVE_PLEDGE")
|
||||
set(SANDBOX_FOUND ON)
|
||||
endif()
|
||||
endif()
|
||||
|
||||
# Sandboxing: Landlock
|
||||
if(NOT SANDBOX_FOUND AND XZ_SANDBOX MATCHES "^auto$|^landlock$")
|
||||
# A compile check is done here because some systems have
|
||||
# linux/landlock.h, but do not have the syscalls defined
|
||||
# in order to actually use Linux Landlock.
|
||||
check_c_source_compiles("
|
||||
#include <linux/landlock.h>
|
||||
#include <sys/syscall.h>
|
||||
#include <sys/prctl.h>
|
||||
|
||||
void my_sandbox(void)
|
||||
{
|
||||
(void)prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
|
||||
(void)SYS_landlock_create_ruleset;
|
||||
(void)SYS_landlock_restrict_self;
|
||||
(void)LANDLOCK_CREATE_RULESET_VERSION;
|
||||
return;
|
||||
}
|
||||
|
||||
int main(void) { return 0; }
|
||||
"
|
||||
HAVE_LINUX_LANDLOCK)
|
||||
|
||||
if(HAVE_LINUX_LANDLOCK)
|
||||
set(SANDBOX_COMPILE_DEFINITION "HAVE_LINUX_LANDLOCK")
|
||||
set(SANDBOX_FOUND ON)
|
||||
|
||||
# Of our three sandbox methods, only Landlock is incompatible
|
||||
# with -fsanitize. FreeBSD 13.2 with Capsicum was tested with
|
||||
# -fsanitize=address,undefined and had no issues. OpenBSD (as
|
||||
# of version 7.4) has minimal support for process instrumentation.
|
||||
# OpenBSD does not distribute the additional libraries needed
|
||||
# (libasan, libubsan, etc.) with GCC or Clang needed for runtime
|
||||
# sanitization support and instead only support
|
||||
# -fsanitize-minimal-runtime for minimal undefined behavior
|
||||
# sanitization. This minimal support is compatible with our use
|
||||
# of the Pledge sandbox. So only Landlock will result in a
|
||||
# build that cannot compress or decompress a single file to
|
||||
# standard out.
|
||||
if(CMAKE_C_FLAGS MATCHES "-fsanitize=")
|
||||
message(SEND_ERROR
|
||||
"CMAKE_C_FLAGS or the environment variable CFLAGS "
|
||||
"contains '-fsanitize=' which is incompatible "
|
||||
"with Landlock sandboxing. Use -DXZ_SANDBOX=no "
|
||||
"as an argument to 'cmake' when using '-fsanitize'.")
|
||||
endif()
|
||||
endif()
|
||||
endif()
|
||||
|
||||
if(NOT SANDBOX_FOUND AND NOT XZ_SANDBOX MATCHES "^auto$|^no$")
|
||||
message(SEND_ERROR "XZ_SANDBOX=${XZ_SANDBOX} was used but "
|
||||
"support for the sandboxing method wasn't found.")
|
||||
endif()
|
||||
|
||||
|
||||
#############################################################################
|
||||
# xzdec and lzmadec
|
||||
#############################################################################
|
||||
|
|
Loading…
Reference in New Issue