Disable sandboxing by default for now.

1 files changed, 10 insertions, 5 deletions

diff --git a/sandbox.c b/sandbox.c
index e579f70..138fc74 100644
--- a/sandbox.c
+++ b/sandbox.c
@@ -83,6 +83,11 @@ LL_BEGIN(sbox_enter_linux_, const char* basedir, const char *address, int smail)
 
 void sbox_enter(const char *basedir)
 {
+    const char *address = xs_dict_get(srv_config, "address");
+
+    int smail = !xs_is_true(xs_dict_get(srv_config, "disable_email_notifications"));
+
+#if defined (__OpenBSD__)
     if (xs_is_true(xs_dict_get(srv_config, "disable_openbsd_security"))) {
         srv_log(xs_dup("disable_openbsd_security is deprecated. Use disable_sandbox instead."));
         return;
@@ -92,11 +97,6 @@ void sbox_enter(const char *basedir)
         return;
     }
 
-    const char *address = xs_dict_get(srv_config, "address");
-
-    int smail = !xs_is_true(xs_dict_get(srv_config, "disable_email_notifications"));
-
-#if defined (__OpenBSD__)
     srv_debug(1, xs_fmt("Calling unveil()"));
     unveil(basedir,                "rwc");
     unveil("/tmp",                 "rwc");
@@ -128,6 +128,11 @@ void sbox_enter(const char *basedir)
 
 #elif defined (__linux__)
     
+    if (xs_is_true(xs_dict_get_def(srv_config, "disable_sandbox", xs_stock(XSTYPE_TRUE)))) {
+        srv_debug(0, xs_dup("Sandbox disabled by admin"));
+        return;
+    }
+
     if (sbox_enter_linux_(basedir, address, smail) == 0)
         srv_log(xs_dup("landlocked"));
     else