1 From 98fa54cc412790040fa5232fffae6c82e5c78022 Mon Sep 17 00:00:00 2001
   2 From: Alex Wilson <alex.wilson@joyent.com>
   3 Date: Tue, 22 Dec 2015 17:42:12 -0800
   4 Subject: [PATCH 36/36] Default to enabling "sandbox" when built
   5  --with-sandbox=solaris
   6 
   7 The Solaris priv sandbox should be enabled by default, to preserve
   8 old behaviour, and also because it does not have any significant
   9 negative impacts on performance or otherwise.
  10 ---
  11  servconf.c | 8 ++++++++
  12  1 file changed, 8 insertions(+)
  13 
  14 diff --git a/servconf.c b/servconf.c
  15 index 245f2fd..5709978 100644
  16 --- a/servconf.c
  17 +++ b/servconf.c
  18 @@ -472,7 +472,11 @@ fill_default_server_options(ServerOptions *options)
  19  
  20         /* Turn privilege separation on by default */
  21         if (use_privsep == -1)
  22 +#ifdef USE_SOLARIS_PRIVS
  23 +               use_privsep = PRIVSEP_ON;
  24 +#else
  25                 use_privsep = PRIVSEP_NOSANDBOX;
  26 +#endif
  27  
  28  #define CLEAR_ON_NONE(v) \
  29         do { \
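Review bot: The new default in `fill_default_server_options()` is keyed on `USE_SOLARIS_PRIVS`, while the subject line ties it to building `--with-sandbox=solaris`. If those two can be configured independently (not visible from this patch), a build with the privilege code but without the sandbox backend would select `PRIVSEP_ON` with nothing behind it. Guarding on the macro the sandbox implementation itself is compiled under would keep the default and the backend in step; the same guard is repeated in the `multistate_privsep` hunk. The brace-less `if` whose single statement is split by `#ifdef`/`#else` is also easy to break on a later edit, so I would write `if (use_privsep == -1) {` with a closing `}` after the `#endif`. The function body starts and ends outside the hunk.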
  30 @@ -1108,7 +1112,11 @@ static const struct multistate multistate_gatewayports[] = {
  31         { NULL, -1 }
  32  };
  33  static const struct multistate multistate_privsep[] = {
  34 +#ifdef USE_SOLARIS_PRIVS
  35 +       { "yes",                        PRIVSEP_ON },
  36 +#else
  37         { "yes",                        PRIVSEP_NOSANDBOX },
  38 +#endif
  39         { "sandbox",                    PRIVSEP_ON },
  40         { "nosandbox",                  PRIVSEP_NOSANDBOX },
  41         { "no",                         PRIVSEP_OFF },
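Review bot: The `"yes"` entry in `multistate_privsep` now maps to a different privilege-separation mode depending on a compile-time macro, and nothing in this patch records that for operators. The diffstat lists only servconf.c, so any manual-page text for the option is presumably unchanged. The same configuration line then means sandboxed on one build and unsandboxed on another, which matters when auditing sshd configurations across hosts. I would add a comment above the `#ifdef`, such as `/* "yes" selects the sandbox only on USE_SOLARIS_PRIVS builds; elsewhere it remains nosandbox */`, and update the option's documentation in the same change. The array initializer continues past the end of the hunk.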
  42 -- 
  43 2.5.4 (Apple Git-61)
  44