summaryrefslogtreecommitdiff
path: root/sandbox.c
diff options
context:
space:
mode:
authorGravatar ltning2025-01-27 18:07:00 +0000
committerGravatar ltning2025-01-27 18:07:00 +0000
commitf6044d3aa0241a832b0ad1d2c394c0a1b814dbe3 (patch)
tree72334e7a24b997957d201490681552b6b1ad2e2f /sandbox.c
parentAdd short_description_raw option (diff)
parentFixed crash in the notification area after deleting a post. (diff)
downloadpenes-snac2-f6044d3aa0241a832b0ad1d2c394c0a1b814dbe3.tar.gz
penes-snac2-f6044d3aa0241a832b0ad1d2c394c0a1b814dbe3.tar.xz
penes-snac2-f6044d3aa0241a832b0ad1d2c394c0a1b814dbe3.zip
Merge branch 'master' into master
Diffstat (limited to 'sandbox.c')
-rw-r--r--sandbox.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/sandbox.c b/sandbox.c
index cbe0043..0fc48ad 100644
--- a/sandbox.c
+++ b/sandbox.c
@@ -71,15 +71,22 @@ LL_BEGIN(sbox_enter_linux_, const char* basedir, const char *address, int smail)
71 LANDLOCK_ACCESS_FS_REFER_COMPAT, 71 LANDLOCK_ACCESS_FS_REFER_COMPAT,
72 s = LANDLOCK_ACCESS_FS_MAKE_SOCK, 72 s = LANDLOCK_ACCESS_FS_MAKE_SOCK,
73 x = LANDLOCK_ACCESS_FS_EXECUTE; 73 x = LANDLOCK_ACCESS_FS_EXECUTE;
74 char *resolved_path = NULL;
74 75
75 LL_PATH(basedir, rf|rd|w|c); 76 LL_PATH(basedir, rf|rd|w|c);
76 LL_PATH("/tmp", rf|rd|w|c); 77 LL_PATH("/tmp", rf|rd|w|c);
77#ifndef WITHOUT_SHM 78#ifndef WITHOUT_SHM
78 LL_PATH("/dev/shm", rf|w|c ); 79 LL_PATH("/dev/shm", rf|w|c );
79#endif 80#endif
81 LL_PATH("/dev/urandom", rf );
80 LL_PATH("/etc/resolv.conf", rf ); 82 LL_PATH("/etc/resolv.conf", rf );
81 LL_PATH("/etc/hosts", rf ); 83 LL_PATH("/etc/hosts", rf );
82 LL_PATH("/etc/ssl", rf ); 84 LL_PATH("/etc/ssl", rf|rd );
85 if ((resolved_path = realpath("/etc/ssl/cert.pem", NULL))) {
86 /* some distros like cert.pem to be a symlink */
87 LL_PATH(resolved_path, rf );
88 free(resolved_path);
89 }
83 LL_PATH("/usr/share/zoneinfo", rf ); 90 LL_PATH("/usr/share/zoneinfo", rf );
84 91
85 if (mtime("/etc/pki") > 0) 92 if (mtime("/etc/pki") > 0)
HIC SVNT DRACONES