libseccomp is now optional but still recommended

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

4 files changed, 42 insertions, 2 deletions

diff --git a/src/Makefile.am b/src/Makefile.am
index 9992659..1ac657b 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1,2 +1,5 @@
 sbin_PROGRAMS = potd
-potd_SOURCES = utils.c options.c log.c log_colored.c log_file.c socket.c pevent.c capabilities.c pseccomp.c filesystem.c jail.c forward.c redirector.c protocol.c protocol_ssh.c main.c
+potd_SOURCES = utils.c options.c log.c log_colored.c log_file.c socket.c pevent.c capabilities.c filesystem.c jail.c forward.c redirector.c protocol.c protocol_ssh.c main.c
+if HAVE_SECCOMP
+potd_SOURCES += pseccomp.c
+endif
diff --git a/src/jail.c b/src/jail.c
index 23d8d4d..832d6c8 100644
--- a/src/jail.c
+++ b/src/jail.c
@@ -1,3 +1,7 @@
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <sched.h>
@@ -13,7 +17,9 @@
 
 #include "jail.h"
 #include "socket.h"
+#ifdef HAVE_SECCOMP
 #include "pseccomp.h"
+#endif
 #include "capabilities.h"
 #include "filesystem.h"
 #include "utils.h"
@@ -261,7 +267,9 @@ static int jail_childfn(prisoner_process *ctx)
         CLONE_NEWNS/*|CLONE_NEWUSER*/;
     //unsigned int ug_map[3] = { 0, 10000, 65535 };
     pid_t self_pid, child_pid;
+#ifdef HAVE_SECCOMP
     pseccomp_ctx *psc = NULL;
+#endif
 
     assert(ctx);
     self_pid = getpid();
@@ -285,7 +293,6 @@ static int jail_childfn(prisoner_process *ctx)
             FATAL("Setup network namespace for pid %d", self_pid);
 
     caps_drop_dac_override(0);
-    //caps_drop_all(); /* TODO: If seccomp not avail, drop all caps! */
 
     D2("Unshare prisoner %d", self_pid);
     if (unshare(unshare_flags))
@@ -391,12 +398,18 @@ static int jail_childfn(prisoner_process *ctx)
                 " -----------------------------------------------------\n"
             );
 
+#ifdef HAVE_SECCOMP
             pseccomp_set_immutable();
             pseccomp_init(&psc,
                 (getopt_used(OPT_SECCOMP_MINIMAL) ? PS_MINIMUM : 0));
             if (pseccomp_jail_rules(psc))
                 FATAL("%s", "SECCOMP: adding jail rules");
             pseccomp_free(&psc);
+#else
+            /* libseccomp is not available, so drop at least all caps */
+            W2("%s", "Compiled without libseccomp, dropping ALL capabilities");
+            caps_drop_all();
+#endif
 
             sethostname("openwrt", SIZEOF("openwrt"));
             if (execl(path_shell, path_shell, (char *) NULL))
diff --git a/src/main.c b/src/main.c
index 235a0f5..7fe4884 100644
--- a/src/main.c
+++ b/src/main.c
@@ -7,7 +7,9 @@
 #include <sys/types.h>
 #include <sys/wait.h>
 
+#ifdef HAVE_SECCOMP
 #include "pseccomp.h"
+#endif
 #include "capabilities.h"
 #include "log.h"
 #include "log_colored.h"
@@ -285,7 +287,9 @@ int main(int argc, char *argv[])
     char *value;
     int proc_status;
     pid_t daemon_pid, child_pid;
+#ifdef HAVE_SECCOMP
     pseccomp_ctx *psc = NULL;
+#endif
 
     (void) argc;
     (void) argv;
@@ -341,11 +345,15 @@ int main(int argc, char *argv[])
     }
 
     caps_default_filter();
+#ifdef HAVE_SECCOMP
     pseccomp_init(&psc,
         (getopt_used(OPT_SECCOMP_MINIMAL) ? PS_MINIMUM : 0));
     if (pseccomp_default_rules(psc))
         FATAL("%s", "SECCOMP: adding default rules");
     pseccomp_free(&psc);
+#else
+    W("%s", "Compiled without libseccomp, this may have a security impact.");
+#endif
 
     D("%s", "Forking into background/foreground");
     daemon_pid = daemonize(!getopt_used(OPT_DAEMON));
diff --git a/src/protocol_ssh.c b/src/protocol_ssh.c
index 2ae0a07..bc33e66 100644
--- a/src/protocol_ssh.c
+++ b/src/protocol_ssh.c
@@ -1,3 +1,7 @@
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <assert.h>
@@ -13,7 +17,9 @@
 
 #include "protocol_ssh.h"
 #include "protocol.h"
+#ifdef HAVE_SECCOMP
 #include "pseccomp.h"
+#endif
 #include "options.h"
 #include "utils.h"
 #include "log.h"
@@ -126,7 +132,9 @@ int ssh_on_listen(protocol_ctx *ctx)
     pid_t p;
     int s;
     ssh_data *d = (ssh_data *) ctx->src.data;
+#ifdef HAVE_SECCOMP
     pseccomp_ctx *psc = NULL;
+#endif
 
     if (ssh_bind_options_set(d->sshbind, SSH_BIND_OPTIONS_BINDADDR,
                              ctx->src.host_buf))
@@ -153,10 +161,12 @@ int ssh_on_listen(protocol_ctx *ctx)
                 ssh_bind_get_fd(d->sshbind));
             return 1;
         case 0:
+#ifdef HAVE_SECCOMP
             pseccomp_set_immutable();
             pseccomp_init(&psc, PS_ALLOW|PS_MINIMUM);
             s = pseccomp_protocol_rules(psc);
             pseccomp_free(&psc);
+#endif
             if (s) {
                 E_STRERR("%s", "Could not add seccomp rules");
                 return -1;
@@ -346,6 +356,9 @@ static int gen_export_sshkey(enum ssh_keytypes_e type, int length, const char *p
 static void ssh_log_cb(int priority, const char *function,
                        const char *buffer, void *userdata)
 {
+    (void) function;
+    (void) userdata;
+
     switch (priority) {
         case 0:
             W("libssh: %s", buffer);
@@ -538,6 +551,9 @@ static int authenticate(ssh_session session)
 
 static int auth_password(const char *user, const char *password)
 {
+    (void) user;
+    (void) password;
+
 /*
     if(strcmp(user, SSHD_USER))
         return 0;