summaryrefslogtreecommitdiff
path: root/sandbox.c
diff options
context:
space:
mode:
Diffstat (limited to 'sandbox.c')
-rw-r--r--sandbox.c15
1 files changed, 10 insertions, 5 deletions
diff --git a/sandbox.c b/sandbox.c
index e579f70..138fc74 100644
--- a/sandbox.c
+++ b/sandbox.c
@@ -83,6 +83,11 @@ LL_BEGIN(sbox_enter_linux_, const char* basedir, const char *address, int smail)
83 83
84void sbox_enter(const char *basedir) 84void sbox_enter(const char *basedir)
85{ 85{
86 const char *address = xs_dict_get(srv_config, "address");
87
88 int smail = !xs_is_true(xs_dict_get(srv_config, "disable_email_notifications"));
89
90#if defined (__OpenBSD__)
86 if (xs_is_true(xs_dict_get(srv_config, "disable_openbsd_security"))) { 91 if (xs_is_true(xs_dict_get(srv_config, "disable_openbsd_security"))) {
87 srv_log(xs_dup("disable_openbsd_security is deprecated. Use disable_sandbox instead.")); 92 srv_log(xs_dup("disable_openbsd_security is deprecated. Use disable_sandbox instead."));
88 return; 93 return;
@@ -92,11 +97,6 @@ void sbox_enter(const char *basedir)
92 return; 97 return;
93 } 98 }
94 99
95 const char *address = xs_dict_get(srv_config, "address");
96
97 int smail = !xs_is_true(xs_dict_get(srv_config, "disable_email_notifications"));
98
99#if defined (__OpenBSD__)
100 srv_debug(1, xs_fmt("Calling unveil()")); 100 srv_debug(1, xs_fmt("Calling unveil()"));
101 unveil(basedir, "rwc"); 101 unveil(basedir, "rwc");
102 unveil("/tmp", "rwc"); 102 unveil("/tmp", "rwc");
@@ -128,6 +128,11 @@ void sbox_enter(const char *basedir)
128 128
129#elif defined (__linux__) 129#elif defined (__linux__)
130 130
131 if (xs_is_true(xs_dict_get_def(srv_config, "disable_sandbox", xs_stock(XSTYPE_TRUE)))) {
132 srv_debug(0, xs_dup("Sandbox disabled by admin"));
133 return;
134 }
135
131 if (sbox_enter_linux_(basedir, address, smail) == 0) 136 if (sbox_enter_linux_(basedir, address, smail) == 0)
132 srv_log(xs_dup("landlocked")); 137 srv_log(xs_dup("landlocked"));
133 else 138 else
HIC SVNT DRACONES