Use generic AC_SYS_LARGEFILE instead of custom _FILE_OFFSET_BITS hack

+captive-sandbox-server chroot/setuid security isolation

diff --git a/configure.in b/configure.in
index 36c695f..ba4cfbc 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -23,6 +23,7 @@ AM_MAINTAINER_MODE
 #AM_ACLOCAL_INCLUDE(macros)
 dnl Prevent "AC_TRY_COMPILE was called before AC_ISC_POSIX":
 AC_ISC_POSIX
+AC_SYS_LARGEFILE
 AC_PROG_CC
 AM_PROG_AS
 AM_ENABLE_STATIC
@@ -53,6 +54,24 @@ if test "$USE_MAINTAINER_MODE" = "yes";then
 dnl Some Makefiles use additional tests etc.
 AM_CONDITIONAL(MAINTAINER_MODE,[test "$USE_MAINTAINER_MODE" = "yes"])
 
+AC_ARG_WITH(sandbox-setuid,
+               [  --with-sandbox-setuid=user    non-privileged user  for captive-sandbox-server (def.=captive)],
+               [ CAPTIVE_SANDBOX_SETUID="$withval" ],[ CAPTIVE_SANDBOX_SETUID="captive" ])
+AC_DEFINE_UNQUOTED(CAPTIVE_SANDBOX_SETUID,"$CAPTIVE_SANDBOX_SETUID",
+               [non-privileged user  for captive-sandbox-server])
+
+AC_ARG_WITH(sandbox-setgid,
+               [  --with-sandbox-setgid=group   non-privileged group for captive-sandbox-server (def.=captive)],
+               [ CAPTIVE_SANDBOX_SETGID="$withval" ],[ CAPTIVE_SANDBOX_SETGID="captive" ])
+AC_DEFINE_UNQUOTED(CAPTIVE_SANDBOX_SETGID,"$CAPTIVE_SANDBOX_SETGID",
+               [non-privileged group for captive-sandbox-server])
+
+AC_ARG_WITH(sandbox-chroot,
+               [  --with-sandbox-chroot=dir     root-owned directory for captive-sandbox-server (def.=/var/lib/captive)],
+               [ CAPTIVE_SANDBOX_CHROOT="$withval" ],[ CAPTIVE_SANDBOX_CHROOT="/var/lib/captive" ])
+AC_DEFINE_UNQUOTED(CAPTIVE_SANDBOX_CHROOT,"$CAPTIVE_SANDBOX_CHROOT",
+               [root-owned directory for captive-sandbox-server])
+
 dnl Permit 'if IS_FALSE' for Makefile.am-s; symbol 'FALSE' forbidden by automake
 AM_CONDITIONAL(IS_FALSE,false)
 
@@ -60,21 +79,12 @@ dnl Separate 'acconfig.h' is no longer recommended by autoconf
 AH_TOP([
 #ifndef _CAPTIVE_CONFIG_H
 #define _CAPTIVE_CONFIG_H 1
-
-#include <glib/gtypes.h>       /* for 'gchar' */
-#define G_LOG_DOMAIN ((const gchar *)"Captive")
-
-/* Supplemental definitions not possible in this file. */
-#ifdef LIBCAPTIVE
-#include "captive/config2.h"
-#endif
 ])
 AH_BOTTOM([
-#endif /* !_CAPTIVE_CONFIG_H */
-])
+/* Do not place any stuff to AH_TOP as some of its includes
+ * would discard the effect of _FILE_OFFSET_BITS by AC_SYS_LARGEFILE.
+ */
 
-dnl ENABLE_NLS_HOOK name to guarantee inclusion AFTER '#undef ENABLE_NLS'
-AH_VERBATIM([ENABLE_NLS_HOOK],[
 #ifdef ENABLE_NLS
 /* <libintl.h> is taken from "$(top_srcdir)/intl" if system doesn't provide intl */
 #      include <libintl.h>
@@ -98,6 +108,16 @@ AH_VERBATIM([ENABLE_NLS_HOOK],[
 #      define _(String) (String)
 #      define N_(String) (String)
 #endif /* !ENABLE_NLS */
+
+#include <glib/gtypes.h>       /* for 'gchar' */
+#define G_LOG_DOMAIN ((const gchar *)"Captive")
+
+/* Supplemental definitions not possible in this file. */
+#ifdef LIBCAPTIVE
+#include "captive/config2.h"
+#endif
+
+#endif /* !_CAPTIVE_CONFIG_H */
 ])
 
 AM_PATH_GLIB_2_0(,,[AC_MSG_ERROR([Captive requires glib-2.0 library.])],[gmodule gobject])