diff options
Diffstat (limited to 'sandbox.c')
| -rw-r--r-- | sandbox.c | 14 |
1 files changed, 14 insertions, 0 deletions
| @@ -13,6 +13,14 @@ void sbox_enter(const char *basedir) | |||
| 13 | return; | 13 | return; |
| 14 | } | 14 | } |
| 15 | 15 | ||
| 16 | int smail; | ||
| 17 | const char *url = xs_dict_get(srv_config, "smtp_url"); | ||
| 18 | |||
| 19 | if (xs_is_string(url) && *url) | ||
| 20 | smail = 0; | ||
| 21 | else | ||
| 22 | smail = !xs_is_true(xs_dict_get(srv_config, "disable_email_notifications")); | ||
| 23 | |||
| 16 | srv_debug(1, xs_fmt("Calling unveil()")); | 24 | srv_debug(1, xs_fmt("Calling unveil()")); |
| 17 | unveil(basedir, "rwc"); | 25 | unveil(basedir, "rwc"); |
| 18 | unveil("/tmp", "rwc"); | 26 | unveil("/tmp", "rwc"); |
| @@ -25,6 +33,9 @@ void sbox_enter(const char *basedir) | |||
| 25 | if (*address == '/') | 33 | if (*address == '/') |
| 26 | unveil(address, "rwc"); | 34 | unveil(address, "rwc"); |
| 27 | 35 | ||
| 36 | if (smail) | ||
| 37 | unveil("/usr/sbin/sendmail", "x"); | ||
| 38 | |||
| 28 | unveil(NULL, NULL); | 39 | unveil(NULL, NULL); |
| 29 | 40 | ||
| 30 | srv_debug(1, xs_fmt("Calling pledge()")); | 41 | srv_debug(1, xs_fmt("Calling pledge()")); |
| @@ -34,6 +45,9 @@ void sbox_enter(const char *basedir) | |||
| 34 | if (*address == '/') | 45 | if (*address == '/') |
| 35 | p = xs_str_cat(p, " unix"); | 46 | p = xs_str_cat(p, " unix"); |
| 36 | 47 | ||
| 48 | if (smail) | ||
| 49 | p = xs_str_cat(p, " exec"); | ||
| 50 | |||
| 37 | pledge(p, NULL); | 51 | pledge(p, NULL); |
| 38 | } | 52 | } |
| 39 | 53 | ||