-rw-r--r--data.c13
1 files changed, 11 insertions, 2 deletions
diff --git a/data.c b/data.c
index 142fe8c..7dd7d19 100644
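--- a/data.c
+++ b/data.c
@@ -117,18 +117,27 @@ int srv_open(char *basedir, int auto_upgrade)
  srv_debug(1, xs_dup("OpenBSD security disabled by admin"));
  }
  else {
+ int smail = xs_type(xs_dict_get(srv_config, "disable_email_notifications")) != XSTYPE_TRUE;
+
  srv_debug(1, xs_fmt("Calling unveil()"));
  unveil(basedir, "rwc");
  unveil("/tmp", "rwc");
- unveil("/usr/sbin/sendmail", "x");
  unveil("/etc/resolv.conf", "r");
  unveil("/etc/hosts", "r");
  unveil("/etc/ssl/openssl.cnf", "r");
  unveil("/etc/ssl/cert.pem", "r");
  unveil("/usr/share/zoneinfo", "r");
+
+ if (smail)
+ unveil("/usr/sbin/sendmail", "x");
+
  unveil(NULL, NULL);
  srv_debug(1, xs_fmt("Calling pledge()"));
- pledge("stdio rpath wpath cpath flock inet proc exec dns fattr", NULL);
+
+ if (smail)
+ pledge("stdio rpath wpath cpath flock inet proc exec dns fattr", NULL);
+ else
+ pledge("stdio rpath wpath cpath flock inet proc dns fattr", NULL);
  }
 #endif /* __OpenBSD__ */
 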
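Review bot: Both new `pledge()` calls, and the conditional `unveil("/usr/sbin/sendmail", "x")`, ignore their return values, so a failed call leaves the server running with a weaker sandbox than the "Calling pledge()" debug line suggests. Selecting the promise string once and checking the result would also stop the two near-identical literals from drifting apart: `const char *promises = smail ? "stdio rpath wpath cpath flock inet proc exec dns fattr" : "stdio rpath wpath cpath flock inet proc dns fattr";` followed by `if (pledge(promises, NULL) == -1)` with a logged error and a failing return from srv_open. With `exec` dropped, any remaining execve path would abort the process, so the code that sends mail presumably has to test the same `disable_email_notifications` key; that code is not visible here. Whether `proc` is still needed when no mailer is spawned cannot be told from this hunk either and is worth confirming. srv_open starts and continues outside the hunk.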