mirror of
https://codeberg.org/grunfink/snac2.git
synced 2024-11-22 13:25:04 +00:00
Usage of unveil() and pledge() can be disabled from config.
This commit is contained in:
parent
ed6a94ee14
commit
6406877af1
1 changed files with 18 additions and 11 deletions
29
data.c
29
data.c
|
@ -87,17 +87,24 @@ int srv_open(char *basedir, int auto_upgrade)
|
||||||
srv_log(error);
|
srv_log(error);
|
||||||
|
|
||||||
#ifdef __OpenBSD__
|
#ifdef __OpenBSD__
|
||||||
srv_debug(2, xs_fmt("Calling unveil()"));
|
char *v = xs_dict_get(srv_config, "disable_openbsd_security");
|
||||||
unveil(basedir, "rwc");
|
|
||||||
unveil("/usr/sbin/sendmail", "x");
|
if (v && xs_type(v) == XSTYPE_TRUE) {
|
||||||
unveil("/etc/resolv.conf", "r");
|
srv_debug(1, xs_dup("OpenBSD security disabled by admin"));
|
||||||
unveil("/etc/hosts", "r");
|
}
|
||||||
unveil("/etc/ssl/openssl.cnf", "r");
|
else {
|
||||||
unveil("/etc/ssl/cert.pem", "r");
|
srv_debug(1, xs_fmt("Calling unveil()"));
|
||||||
unveil("/usr/share/zoneinfo", "r");
|
unveil(basedir, "rwc");
|
||||||
unveil(NULL, NULL);
|
unveil("/usr/sbin/sendmail", "x");
|
||||||
srv_debug(2, xs_fmt("Calling pledge()"));
|
unveil("/etc/resolv.conf", "r");
|
||||||
pledge("stdio rpath wpath cpath flock inet proc exec dns", NULL);
|
unveil("/etc/hosts", "r");
|
||||||
|
unveil("/etc/ssl/openssl.cnf", "r");
|
||||||
|
unveil("/etc/ssl/cert.pem", "r");
|
||||||
|
unveil("/usr/share/zoneinfo", "r");
|
||||||
|
unveil(NULL, NULL);
|
||||||
|
srv_debug(1, xs_fmt("Calling pledge()"));
|
||||||
|
pledge("stdio rpath wpath cpath flock inet proc exec dns", NULL);
|
||||||
|
}
|
||||||
#endif /* __OpenBSD__ */
|
#endif /* __OpenBSD__ */
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
|
|
Loading…
Reference in a new issue