diff options
| author |  Andrew Alderwick | 2023-01-13 13:25:14 +0100 |
|---|---|---|
| committer |  default | 2023-01-13 13:25:14 +0100 |
| commit | 3cb1725225567211c85226498bbc038cfe78d4fe (patch) | |
| tree | 2a916a33a975e3c96a70c7cf005432bbd3222629 /data.c | |
| parent | Updated RELEASE_NOTES. (diff) | |
| download | snac2-3cb1725225567211c85226498bbc038cfe78d4fe.tar.gz snac2-3cb1725225567211c85226498bbc038cfe78d4fe.tar.xz snac2-3cb1725225567211c85226498bbc038cfe78d4fe.zip | |
Added OpenBSD's unveil() and pledge() support.
Diffstat (limited to 'data.c')
| -rw-r--r-- | data.c | 16 |
1 files changed, 10 insertions, 6 deletions
| @@ -86,15 +86,19 @@ int srv_open(char *basedir, int auto_upgrade) | |||
| 86 | if (error != NULL) | 86 | if (error != NULL) |
| 87 | srv_log(error); | 87 | srv_log(error); |
| 88 | 88 | ||
| 89 | /* disabled temporarily; messages can't be sent (libcurl issue?) */ | ||
| 90 | #if 0 | ||
| 91 | #ifdef __OpenBSD__ | 89 | #ifdef __OpenBSD__ |
| 92 | srv_debug(2, xs_fmt("Calling unveil()")); | 90 | srv_debug(2, xs_fmt("Calling unveil()")); |
| 93 | unveil(basedir, "rwc"); | 91 | unveil(basedir, "rwc"); |
| 94 | unveil("/usr/sbin", "x"); | 92 | unveil("/usr/sbin/sendmail", "x"); |
| 95 | unveil(NULL, NULL); | 93 | unveil("/etc/resolv.conf", "r"); |
| 94 | unveil("/etc/hosts", "r"); | ||
| 95 | unveil("/etc/ssl/openssl.cnf", "r"); | ||
| 96 | unveil("/etc/ssl/cert.pem", "r"); | ||
| 97 | unveil("/usr/share/zoneinfo", "r"); | ||
| 98 | unveil(NULL, NULL); | ||
| 99 | srv_debug(2, xs_fmt("Calling pledge()")); | ||
| 100 | pledge("stdio rpath wpath cpath flock inet proc exec dns", NULL); | ||
| 96 | #endif /* __OpenBSD__ */ | 101 | #endif /* __OpenBSD__ */ |
| 97 | #endif | ||
| 98 | 102 | ||
| 99 | return ret; | 103 | return ret; |
| 100 | } | 104 | } |