1 files changed, 15 insertions, 16 deletions
diff --git a/sandbox.c b/sandbox.c
index 0fc48ad..5046104 100644
--- a/sandbox.c
+++ b/sandbox.c
@@ -8,8 +8,6 @@ void sbox_enter(const char *basedir)
 {
    const char *address = xs_dict_get(srv_config, "address");
-    int smail = !xs_is_true(xs_dict_get(srv_config, "disable_email_notifications"));
    if (xs_is_true(xs_dict_get(srv_config, "disable_openbsd_security"))) {
        srv_log(xs_dup("OpenBSD security disabled by admin"));
        return;
@@ -24,9 +22,6 @@ void sbox_enter(const char *basedir)
    unveil("/etc/ssl/cert.pem",    "r");
    unveil("/usr/share/zoneinfo",  "r");
-    if (smail)
-        unveil("/usr/sbin/sendmail",   "x");
    if (*address == '/')
        unveil(address, "rwc");
@@ -36,9 +31,6 @@ void sbox_enter(const char *basedir)
    xs *p = xs_str_new("stdio rpath wpath cpath flock inet proc dns fattr");
-    if (smail)
-        p = xs_str_cat(p, " exec");
    if (*address == '/')
        p = xs_str_cat(p, " unix");
@@ -55,7 +47,7 @@ void sbox_enter(const char *basedir)
 #include "landloc.h"
 static
-LL_BEGIN(sbox_enter_linux_, const char* basedir, const char *address, int smail) {
+LL_BEGIN(sbox_enter_linux_, const char* basedir, const char *address, int smtp_port) {
    const unsigned long long
        rd = LANDLOCK_ACCESS_FS_READ_DIR,
@@ -101,9 +93,6 @@ LL_BEGIN(sbox_enter_linux_, const char* basedir, const char *address, int smail)
        LL_PATH(sdir, s);
    }
-    if (smail && mtime("/usr/sbin/sendmail") > 0)
-        LL_PATH("/usr/sbin/sendmail", x);
    if (*address != '/') {
        unsigned short listen_port = xs_number_get(xs_dict_get(srv_config, "port"));
        LL_PORT(listen_port, LANDLOCK_ACCESS_NET_BIND_TCP_COMPAT);
@@ -111,24 +100,34 @@ LL_BEGIN(sbox_enter_linux_, const char* basedir, const char *address, int smail)
    LL_PORT(80,  LANDLOCK_ACCESS_NET_CONNECT_TCP_COMPAT);
    LL_PORT(443, LANDLOCK_ACCESS_NET_CONNECT_TCP_COMPAT);
+    if (smtp_port > 0)
+        LL_PORT((unsigned short)smtp_port, LANDLOCK_ACCESS_NET_CONNECT_TCP_COMPAT);
 } LL_END
 void sbox_enter(const char *basedir)
 {
+    const xs_val *v;
+    const char *errstr;
    const char *address = xs_dict_get(srv_config, "address");
+    int smtp_port = -1;
-    int smail = !xs_is_true(xs_dict_get(srv_config, "disable_email_notifications"));
    if (xs_is_true(xs_dict_get(srv_config, "disable_sandbox"))) {
        srv_debug(1, xs_dup("Linux sandbox disabled by admin"));
        return;
    }
-    if (sbox_enter_linux_(basedir, address, smail) == 0)
+    if ((v = xs_dict_get(srv_config, "email_notifications")) && 
+        (v = xs_dict_get(v, "url"))) {
+        smtp_port = parse_port((const char *)v, &errstr);
+        if (errstr)
+            srv_debug(0, xs_fmt("Couldn't determine port from '%s': %s", (const char *)v, errstr));
+    }
+    if (sbox_enter_linux_(basedir, address, smtp_port) == 0)
        srv_debug(1, xs_dup("Linux sandbox enabled"));
    else
-        srv_debug(1, xs_dup("Linux sandbox failed"));
+        srv_debug(0, xs_dup("Linux sandbox failed"));
 }
 #else /* defined(WITH_LINUX_SANDBOX) */

diff --git a/sandbox.c b/sandbox.c index 0fc48ad..5046104 100644 --- a/sandbox.c +++ b/sandbox.c
@@ -8,8 +8,6 @@ void sbox_enter(const char *basedir)
8	{	8	{
9	const char *address = xs_dict_get(srv_config, "address");	9	const char *address = xs_dict_get(srv_config, "address");
10		10
11	int smail = !xs_is_true(xs_dict_get(srv_config, "disable_email_notifications"));
12
13	if (xs_is_true(xs_dict_get(srv_config, "disable_openbsd_security"))) {	11	if (xs_is_true(xs_dict_get(srv_config, "disable_openbsd_security"))) {
14	srv_log(xs_dup("OpenBSD security disabled by admin"));	12	srv_log(xs_dup("OpenBSD security disabled by admin"));
15	return;	13	return;
@@ -24,9 +22,6 @@ void sbox_enter(const char *basedir)
24	unveil("/etc/ssl/cert.pem", "r");	22	unveil("/etc/ssl/cert.pem", "r");
25	unveil("/usr/share/zoneinfo", "r");	23	unveil("/usr/share/zoneinfo", "r");
26		24
27	if (smail)
28	unveil("/usr/sbin/sendmail", "x");
29
30	if (*address == '/')	25	if (*address == '/')
31	unveil(address, "rwc");	26	unveil(address, "rwc");
32		27
@@ -36,9 +31,6 @@ void sbox_enter(const char *basedir)
36		31
37	xs *p = xs_str_new("stdio rpath wpath cpath flock inet proc dns fattr");	32	xs *p = xs_str_new("stdio rpath wpath cpath flock inet proc dns fattr");
38		33
39	if (smail)
40	p = xs_str_cat(p, " exec");
41
42	if (*address == '/')	34	if (*address == '/')
43	p = xs_str_cat(p, " unix");	35	p = xs_str_cat(p, " unix");
44		36
@@ -55,7 +47,7 @@ void sbox_enter(const char *basedir)
55	#include "landloc.h"	47	#include "landloc.h"
56		48
57	static	49	static
58	LL_BEGIN(sbox_enter_linux_, const char* basedir, const char *address, int smail) {	50	LL_BEGIN(sbox_enter_linux_, const char* basedir, const char *address, int smtp_port) {
59		51
60	const unsigned long long	52	const unsigned long long
61	rd = LANDLOCK_ACCESS_FS_READ_DIR,	53	rd = LANDLOCK_ACCESS_FS_READ_DIR,
@@ -101,9 +93,6 @@ LL_BEGIN(sbox_enter_linux_, const char* basedir, const char *address, int smail)
101	LL_PATH(sdir, s);	93	LL_PATH(sdir, s);
102	}	94	}
103		95
104	if (smail && mtime("/usr/sbin/sendmail") > 0)
105	LL_PATH("/usr/sbin/sendmail", x);
106
107	if (*address != '/') {	96	if (*address != '/') {
108	unsigned short listen_port = xs_number_get(xs_dict_get(srv_config, "port"));	97	unsigned short listen_port = xs_number_get(xs_dict_get(srv_config, "port"));
109	LL_PORT(listen_port, LANDLOCK_ACCESS_NET_BIND_TCP_COMPAT);	98	LL_PORT(listen_port, LANDLOCK_ACCESS_NET_BIND_TCP_COMPAT);
@@ -111,24 +100,34 @@ LL_BEGIN(sbox_enter_linux_, const char* basedir, const char *address, int smail)
111		100
112	LL_PORT(80, LANDLOCK_ACCESS_NET_CONNECT_TCP_COMPAT);	101	LL_PORT(80, LANDLOCK_ACCESS_NET_CONNECT_TCP_COMPAT);
113	LL_PORT(443, LANDLOCK_ACCESS_NET_CONNECT_TCP_COMPAT);	102	LL_PORT(443, LANDLOCK_ACCESS_NET_CONNECT_TCP_COMPAT);
		103	if (smtp_port > 0)
		104	LL_PORT((unsigned short)smtp_port, LANDLOCK_ACCESS_NET_CONNECT_TCP_COMPAT);
114		105
115	} LL_END	106	} LL_END
116		107
117	void sbox_enter(const char *basedir)	108	void sbox_enter(const char *basedir)
118	{	109	{
		110	const xs_val *v;
		111	const char *errstr;
119	const char *address = xs_dict_get(srv_config, "address");	112	const char *address = xs_dict_get(srv_config, "address");
120		113	int smtp_port = -1;
121	int smail = !xs_is_true(xs_dict_get(srv_config, "disable_email_notifications"));
122		114
123	if (xs_is_true(xs_dict_get(srv_config, "disable_sandbox"))) {	115	if (xs_is_true(xs_dict_get(srv_config, "disable_sandbox"))) {
124	srv_debug(1, xs_dup("Linux sandbox disabled by admin"));	116	srv_debug(1, xs_dup("Linux sandbox disabled by admin"));
125	return;	117	return;
126	}	118	}
127		119
128	if (sbox_enter_linux_(basedir, address, smail) == 0)	120	if ((v = xs_dict_get(srv_config, "email_notifications")) &&
		121	(v = xs_dict_get(v, "url"))) {
		122	smtp_port = parse_port((const char *)v, &errstr);
		123	if (errstr)
		124	srv_debug(0, xs_fmt("Couldn't determine port from '%s': %s", (const char *)v, errstr));
		125	}
		126
		127	if (sbox_enter_linux_(basedir, address, smtp_port) == 0)
129	srv_debug(1, xs_dup("Linux sandbox enabled"));	128	srv_debug(1, xs_dup("Linux sandbox enabled"));
130	else	129	else
131	srv_debug(1, xs_dup("Linux sandbox failed"));	130	srv_debug(0, xs_dup("Linux sandbox failed"));
132	}	131	}
133		132
134	#else /* defined(WITH_LINUX_SANDBOX) */	133	#else /* defined(WITH_LINUX_SANDBOX) */