Merge branch 'master' of grunfink-codeberg:grunfink/snac2

author: grunfink 2026-02-07 16:59:53 +0100
committer: grunfink 2026-02-07 16:59:53 +0100
commit: 4087e740711303d410fa4c3a275fa69e8c605940 (patch)
tree: 061e941dcbcf45d7f4542d993c0e367d74c38201 /sandbox.c
parent: Updated RELEASE_NOTES. (diff)
parent: Merge pull request 'strip_exif support for the OpenBSD sandbox' (#548) from o... (diff)
download: snac2-4087e740711303d410fa4c3a275fa69e8c605940.tar.gz
snac2-4087e740711303d410fa4c3a275fa69e8c605940.tar.xz
snac2-4087e740711303d410fa4c3a275fa69e8c605940.zip
1 files changed, 8 insertions, 1 deletions
diff --git a/sandbox.c b/sandbox.c
index c6cfdcb..15e4622 100644
--- a/sandbox.c
+++ b/sandbox.c
@@ -13,6 +13,8 @@ void sbox_enter(const char *basedir)
        return;
    }
+    const xs_val *strip_exif = xs_dict_get(srv_config, "strip_exif");
    int smail;
    const char *url = xs_dict_get(srv_config, "smtp_url");
@@ -33,6 +35,11 @@ void sbox_enter(const char *basedir)
    if (*address == '/')
        unveil(address, "rwc");
+    if (strip_exif) {
+        unveil(xs_dict_get(srv_config, "ffmpeg_path"), "x");
+        unveil(xs_dict_get(srv_config, "mogrify_path"), "x");
+    }
    if (smail)
        unveil("/usr/sbin/sendmail",   "x");
@@ -45,7 +52,7 @@ void sbox_enter(const char *basedir)
    if (*address == '/')
        p = xs_str_cat(p, " unix");
-    if (smail)
+    if (smail || strip_exif)
        p = xs_str_cat(p, " exec");
    pledge(p, NULL);
author	grunfink	2026-02-07 16:59:53 +0100
committer	grunfink	2026-02-07 16:59:53 +0100
commit	4087e740711303d410fa4c3a275fa69e8c605940 (patch)
tree	061e941dcbcf45d7f4542d993c0e367d74c38201 /sandbox.c
parent	Updated RELEASE_NOTES. (diff)
parent	Merge pull request 'strip_exif support for the OpenBSD sandbox' (#548) from o... (diff)
download	snac2-4087e740711303d410fa4c3a275fa69e8c605940.tar.gz snac2-4087e740711303d410fa4c3a275fa69e8c605940.tar.xz snac2-4087e740711303d410fa4c3a275fa69e8c605940.zip