1 files changed, 15 insertions, 7 deletions
diff --git a/data.c b/data.c
index 1a4551d..3b01498 100644
--- a/data.c
+++ b/data.c
@@ -114,13 +114,12 @@ int srv_open(const char *basedir, int auto_upgrade)
 #endif
 #ifdef __OpenBSD__
-    const char *v = xs_dict_get(srv_config, "disable_openbsd_security");
+    if (xs_is_true(xs_dict_get(srv_config, "disable_openbsd_security"))) {
-    if (v && xs_type(v) == XSTYPE_TRUE) {
        srv_debug(1, xs_dup("OpenBSD security disabled by admin"));
    }
    else {
-        int smail = xs_type(xs_dict_get(srv_config, "disable_email_notifications")) != XSTYPE_TRUE;
+        int smail = !xs_is_true(xs_dict_get(srv_config, "disable_email_notifications"));
+        const char *address = xs_dict_get(srv_config, "address");
        srv_debug(1, xs_fmt("Calling unveil()"));
        unveil(basedir,                "rwc");
@@ -134,13 +133,22 @@ int srv_open(const char *basedir, int auto_upgrade)
        if (smail)
            unveil("/usr/sbin/sendmail",   "x");
+        if (*address == '/')
+            unveil(address, "rwc");
        unveil(NULL,                   NULL);
        srv_debug(1, xs_fmt("Calling pledge()"));
+        xs *p = xs_str_new("stdio rpath wpath cpath flock inet proc dns fattr");
        if (smail)
-            pledge("stdio rpath wpath cpath flock inet proc exec dns fattr", NULL);
+            p = xs_str_cat(p, " exec");
-        else
-            pledge("stdio rpath wpath cpath flock inet proc dns fattr", NULL);
+        if (*address == '/')
+            p = xs_str_cat(p, " unix");
+        pledge(p, NULL);
    }
 #endif /* __OpenBSD__ */

diff --git a/data.c b/data.c index 1a4551d..3b01498 100644 --- a/data.c +++ b/data.c
@@ -114,13 +114,12 @@ int srv_open(const char *basedir, int auto_upgrade)
114	#endif	114	#endif
115		115
116	#ifdef __OpenBSD__	116	#ifdef __OpenBSD__
117	const char *v = xs_dict_get(srv_config, "disable_openbsd_security");	117	if (xs_is_true(xs_dict_get(srv_config, "disable_openbsd_security"))) {
118
119	if (v && xs_type(v) == XSTYPE_TRUE) {
120	srv_debug(1, xs_dup("OpenBSD security disabled by admin"));	118	srv_debug(1, xs_dup("OpenBSD security disabled by admin"));
121	}	119	}
122	else {	120	else {
123	int smail = xs_type(xs_dict_get(srv_config, "disable_email_notifications")) != XSTYPE_TRUE;	121	int smail = !xs_is_true(xs_dict_get(srv_config, "disable_email_notifications"));
		122	const char *address = xs_dict_get(srv_config, "address");
124		123
125	srv_debug(1, xs_fmt("Calling unveil()"));	124	srv_debug(1, xs_fmt("Calling unveil()"));
126	unveil(basedir, "rwc");	125	unveil(basedir, "rwc");
@@ -134,13 +133,22 @@ int srv_open(const char *basedir, int auto_upgrade)
134	if (smail)	133	if (smail)
135	unveil("/usr/sbin/sendmail", "x");	134	unveil("/usr/sbin/sendmail", "x");
136		135
		136	if (*address == '/')
		137	unveil(address, "rwc");
		138
137	unveil(NULL, NULL);	139	unveil(NULL, NULL);
		140
138	srv_debug(1, xs_fmt("Calling pledge()"));	141	srv_debug(1, xs_fmt("Calling pledge()"));
139		142
		143	xs *p = xs_str_new("stdio rpath wpath cpath flock inet proc dns fattr");
		144
140	if (smail)	145	if (smail)
141	pledge("stdio rpath wpath cpath flock inet proc exec dns fattr", NULL);	146	p = xs_str_cat(p, " exec");
142	else	147
143	pledge("stdio rpath wpath cpath flock inet proc dns fattr", NULL);	148	if (*address == '/')
		149	p = xs_str_cat(p, " unix");
		150
		151	pledge(p, NULL);
144	}	152	}
145	#endif /* __OpenBSD__ */	153	#endif /* __OpenBSD__ */
146		154