mirror of
https://codeberg.org/grunfink/snac2.git
synced 2024-11-22 13:25:04 +00:00
Tweaked unveil() / pledge() to deal with UNIX sockets.
This commit is contained in:
parent
54edf4e9d8
commit
b856664663
1 changed files with 15 additions and 7 deletions
22
data.c
22
data.c
|
@ -114,13 +114,12 @@ int srv_open(const char *basedir, int auto_upgrade)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef __OpenBSD__
|
#ifdef __OpenBSD__
|
||||||
const char *v = xs_dict_get(srv_config, "disable_openbsd_security");
|
if (xs_is_true(xs_dict_get(srv_config, "disable_openbsd_security"))) {
|
||||||
|
|
||||||
if (v && xs_type(v) == XSTYPE_TRUE) {
|
|
||||||
srv_debug(1, xs_dup("OpenBSD security disabled by admin"));
|
srv_debug(1, xs_dup("OpenBSD security disabled by admin"));
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
int smail = xs_type(xs_dict_get(srv_config, "disable_email_notifications")) != XSTYPE_TRUE;
|
int smail = !xs_is_true(xs_dict_get(srv_config, "disable_email_notifications"));
|
||||||
|
const char *address = xs_dict_get(srv_config, "address");
|
||||||
|
|
||||||
srv_debug(1, xs_fmt("Calling unveil()"));
|
srv_debug(1, xs_fmt("Calling unveil()"));
|
||||||
unveil(basedir, "rwc");
|
unveil(basedir, "rwc");
|
||||||
|
@ -134,13 +133,22 @@ int srv_open(const char *basedir, int auto_upgrade)
|
||||||
if (smail)
|
if (smail)
|
||||||
unveil("/usr/sbin/sendmail", "x");
|
unveil("/usr/sbin/sendmail", "x");
|
||||||
|
|
||||||
|
if (*address == '/')
|
||||||
|
unveil(address, "rwc");
|
||||||
|
|
||||||
unveil(NULL, NULL);
|
unveil(NULL, NULL);
|
||||||
|
|
||||||
srv_debug(1, xs_fmt("Calling pledge()"));
|
srv_debug(1, xs_fmt("Calling pledge()"));
|
||||||
|
|
||||||
|
xs *p = xs_str_new("stdio rpath wpath cpath flock inet proc dns fattr");
|
||||||
|
|
||||||
if (smail)
|
if (smail)
|
||||||
pledge("stdio rpath wpath cpath flock inet proc exec dns fattr", NULL);
|
p = xs_str_cat(p, " exec");
|
||||||
else
|
|
||||||
pledge("stdio rpath wpath cpath flock inet proc dns fattr", NULL);
|
if (*address == '/')
|
||||||
|
p = xs_str_cat(p, " unix");
|
||||||
|
|
||||||
|
pledge(p, NULL);
|
||||||
}
|
}
|
||||||
#endif /* __OpenBSD__ */
|
#endif /* __OpenBSD__ */
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue