96 	struct ssh_sandbox *box;  in ssh_sandbox_init()  local
99 	box = xcalloc(1, sizeof(*box));  in ssh_sandbox_init()
100 	box->systrace_fd = -1;  in ssh_sandbox_init()
101 	box->child_pid = 0;  in ssh_sandbox_init()
102 	box->osigchld = signal(SIGCHLD, SIG_IGN);  in ssh_sandbox_init()
104 	return box;  in ssh_sandbox_init()
108 ssh_sandbox_child(struct ssh_sandbox *box)  in ssh_sandbox_child()  argument
111 	signal(SIGCHLD, box->osigchld);  in ssh_sandbox_child()
118 ssh_sandbox_parent(struct ssh_sandbox *box, pid_t child_pid,  in ssh_sandbox_parent()  argument
130 	signal(SIGCHLD, box->osigchld);  in ssh_sandbox_parent()
141 	box->child_pid = child_pid;  in ssh_sandbox_parent()
147 	if (ioctl(dev_systrace, STRIOCCLONE, &box->systrace_fd) == -1)  in ssh_sandbox_parent()
151 	debug3("%s: systrace attach, fd=%d", __func__, box->systrace_fd);  in ssh_sandbox_parent()
152 	if (ioctl(box->systrace_fd, STRIOCATTACH, &child_pid) == -1)  in ssh_sandbox_parent()
154 		    box->systrace_fd, child_pid, strerror(errno));  in ssh_sandbox_parent()
160 	if (ioctl(box->systrace_fd, STRIOCPOLICY, &policy) == -1)  in ssh_sandbox_parent()
162 		    box->systrace_fd, strerror(errno));  in ssh_sandbox_parent()
165 	policy.strp_pid = box->child_pid;  in ssh_sandbox_parent()
166 	if (ioctl(box->systrace_fd, STRIOCPOLICY, &policy) == -1)  in ssh_sandbox_parent()
168 		    __func__, box->systrace_fd, strerror(errno));  in ssh_sandbox_parent()
185 		if (ioctl(box->systrace_fd, STRIOCPOLICY, &policy) == -1)  in ssh_sandbox_parent()
187 			    __func__, box->systrace_fd, strerror(errno));  in ssh_sandbox_parent()
192 	if (kill(box->child_pid, SIGCONT) != 0)  in ssh_sandbox_parent()
193 		fatal("%s: kill(%d, SIGCONT)", __func__, box->child_pid);  in ssh_sandbox_parent()
197 ssh_sandbox_parent_finish(struct ssh_sandbox *box)  in ssh_sandbox_parent_finish()  argument
200 	close(box->systrace_fd);  in ssh_sandbox_parent_finish()
202 	free(box);  in ssh_sandbox_parent_finish()
207 ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)  in ssh_sandbox_parent_preauth()  argument
209 	ssh_sandbox_parent(box, child_pid, preauth_policy);  in ssh_sandbox_parent_preauth()