Merge branch 'master' of grunfink-codeberg:grunfink/snac2

author: default 2025-01-05 13:17:03 +0100
committer: default 2025-01-05 13:17:03 +0100
commit: 4985b3e17e1dc7574f8e28c758645a019ba65e7a (patch)
tree: f516a12c630507b9e9e479a0b987cdf550bcd3e9 /data.c
parent: Updated RELEASE_NOTES. (diff)
parent: Merge pull request 'Port sandboxing to linux via landlock' (#226) from shtrop... (diff)
download: snac2-4985b3e17e1dc7574f8e28c758645a019ba65e7a.tar.gz
snac2-4985b3e17e1dc7574f8e28c758645a019ba65e7a.tar.xz
snac2-4985b3e17e1dc7574f8e28c758645a019ba65e7a.zip
1 files changed, 1 insertions, 38 deletions
diff --git a/data.c b/data.c
index e5d7258..0fd3528 100644
--- a/data.c
+++ b/data.c
@@ -115,44 +115,7 @@ int srv_open(const char *basedir, int auto_upgrade)
 #define st_mtim st_mtimespec
 #endif
-#ifdef __OpenBSD__
+    sbox_enter(srv_basedir);
-    if (xs_is_true(xs_dict_get(srv_config, "disable_openbsd_security"))) {
-        srv_debug(1, xs_dup("OpenBSD security disabled by admin"));
-    }
-    else {
-        int smail = !xs_is_true(xs_dict_get(srv_config, "disable_email_notifications"));
-        const char *address = xs_dict_get(srv_config, "address");
-        srv_debug(1, xs_fmt("Calling unveil()"));
-        unveil(basedir,                "rwc");
-        unveil("/tmp",                 "rwc");
-        unveil("/etc/resolv.conf",     "r");
-        unveil("/etc/hosts",           "r");
-        unveil("/etc/ssl/openssl.cnf", "r");
-        unveil("/etc/ssl/cert.pem",    "r");
-        unveil("/usr/share/zoneinfo",  "r");
-        if (smail)
-            unveil("/usr/sbin/sendmail",   "x");
-        if (*address == '/')
-            unveil(address, "rwc");
-        unveil(NULL,                   NULL);
-        srv_debug(1, xs_fmt("Calling pledge()"));
-        xs *p = xs_str_new("stdio rpath wpath cpath flock inet proc dns fattr");
-        if (smail)
-            p = xs_str_cat(p, " exec");
-        if (*address == '/')
-            p = xs_str_cat(p, " unix");
-        pledge(p, NULL);
-    }
-#endif /* __OpenBSD__ */
    /* read (and drop) emojis.json, possibly creating it */
    xs_free(emojis());
author	default	2025-01-05 13:17:03 +0100
committer	default	2025-01-05 13:17:03 +0100
commit	4985b3e17e1dc7574f8e28c758645a019ba65e7a (patch)
tree	f516a12c630507b9e9e479a0b987cdf550bcd3e9 /data.c
parent	Updated RELEASE_NOTES. (diff)
parent	Merge pull request 'Port sandboxing to linux via landlock' (#226) from shtrop... (diff)
download	snac2-4985b3e17e1dc7574f8e28c758645a019ba65e7a.tar.gz snac2-4985b3e17e1dc7574f8e28c758645a019ba65e7a.tar.xz snac2-4985b3e17e1dc7574f8e28c758645a019ba65e7a.zip

diff --git a/data.c b/data.c index e5d7258..0fd3528 100644 --- a/data.c +++ b/data.c
@@ -115,44 +115,7 @@ int srv_open(const char *basedir, int auto_upgrade)
115	#define st_mtim st_mtimespec	115	#define st_mtim st_mtimespec
116	#endif	116	#endif
117		117
118	#ifdef __OpenBSD__	118	sbox_enter(srv_basedir);
119	if (xs_is_true(xs_dict_get(srv_config, "disable_openbsd_security"))) {
120	srv_debug(1, xs_dup("OpenBSD security disabled by admin"));
121	}
122	else {
123	int smail = !xs_is_true(xs_dict_get(srv_config, "disable_email_notifications"));
124	const char *address = xs_dict_get(srv_config, "address");
125
126	srv_debug(1, xs_fmt("Calling unveil()"));
127	unveil(basedir, "rwc");
128	unveil("/tmp", "rwc");
129	unveil("/etc/resolv.conf", "r");
130	unveil("/etc/hosts", "r");
131	unveil("/etc/ssl/openssl.cnf", "r");
132	unveil("/etc/ssl/cert.pem", "r");
133	unveil("/usr/share/zoneinfo", "r");
134
135	if (smail)
136	unveil("/usr/sbin/sendmail", "x");
137
138	if (*address == '/')
139	unveil(address, "rwc");
140
141	unveil(NULL, NULL);
142
143	srv_debug(1, xs_fmt("Calling pledge()"));
144
145	xs *p = xs_str_new("stdio rpath wpath cpath flock inet proc dns fattr");
146
147	if (smail)
148	p = xs_str_cat(p, " exec");
149
150	if (*address == '/')
151	p = xs_str_cat(p, " unix");
152
153	pledge(p, NULL);
154	}
155	#endif /* __OpenBSD__ */
156		119
157	/* read (and drop) emojis.json, possibly creating it */	120	/* read (and drop) emojis.json, possibly creating it */
158	xs_free(emojis());	121	xs_free(emojis());