summaryrefslogtreecommitdiff
path: root/sandbox.c
diff options
context:
space:
mode:
authorGravatar shtrophic2025-01-24 20:38:26 +0100
committerGravatar shtrophic2025-01-24 20:38:26 +0100
commit85be7f36e12507cff7607df22ca14f8bfc00f6e2 (patch)
treee41bedab3e3b011c16d2ea6180926470cc8586aa /sandbox.c
parentfix memory leak (diff)
parentVersion 2.69 RELEASED. (diff)
downloadpenes-snac2-85be7f36e12507cff7607df22ca14f8bfc00f6e2.tar.gz
penes-snac2-85be7f36e12507cff7607df22ca14f8bfc00f6e2.tar.xz
penes-snac2-85be7f36e12507cff7607df22ca14f8bfc00f6e2.zip
Merge remote-tracking branch 'upstream/master' into curl-smtp
Diffstat (limited to 'sandbox.c')
-rw-r--r--sandbox.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/sandbox.c b/sandbox.c
index 875ae4e..5046104 100644
--- a/sandbox.c
+++ b/sandbox.c
@@ -63,15 +63,22 @@ LL_BEGIN(sbox_enter_linux_, const char* basedir, const char *address, int smtp_p
63 LANDLOCK_ACCESS_FS_REFER_COMPAT, 63 LANDLOCK_ACCESS_FS_REFER_COMPAT,
64 s = LANDLOCK_ACCESS_FS_MAKE_SOCK, 64 s = LANDLOCK_ACCESS_FS_MAKE_SOCK,
65 x = LANDLOCK_ACCESS_FS_EXECUTE; 65 x = LANDLOCK_ACCESS_FS_EXECUTE;
66 char *resolved_path = NULL;
66 67
67 LL_PATH(basedir, rf|rd|w|c); 68 LL_PATH(basedir, rf|rd|w|c);
68 LL_PATH("/tmp", rf|rd|w|c); 69 LL_PATH("/tmp", rf|rd|w|c);
69#ifndef WITHOUT_SHM 70#ifndef WITHOUT_SHM
70 LL_PATH("/dev/shm", rf|w|c ); 71 LL_PATH("/dev/shm", rf|w|c );
71#endif 72#endif
73 LL_PATH("/dev/urandom", rf );
72 LL_PATH("/etc/resolv.conf", rf ); 74 LL_PATH("/etc/resolv.conf", rf );
73 LL_PATH("/etc/hosts", rf ); 75 LL_PATH("/etc/hosts", rf );
74 LL_PATH("/etc/ssl", rf ); 76 LL_PATH("/etc/ssl", rf|rd );
77 if ((resolved_path = realpath("/etc/ssl/cert.pem", NULL))) {
78 /* some distros like cert.pem to be a symlink */
79 LL_PATH(resolved_path, rf );
80 free(resolved_path);
81 }
75 LL_PATH("/usr/share/zoneinfo", rf ); 82 LL_PATH("/usr/share/zoneinfo", rf );
76 83
77 if (mtime("/etc/pki") > 0) 84 if (mtime("/etc/pki") > 0)
HIC SVNT DRACONES