diff options
Diffstat (limited to 'sandbox.c')
| -rw-r--r-- | sandbox.c | 9 |
1 files changed, 8 insertions, 1 deletions
| @@ -63,15 +63,22 @@ LL_BEGIN(sbox_enter_linux_, const char* basedir, const char *address, int smtp_p | |||
| 63 | LANDLOCK_ACCESS_FS_REFER_COMPAT, | 63 | LANDLOCK_ACCESS_FS_REFER_COMPAT, |
| 64 | s = LANDLOCK_ACCESS_FS_MAKE_SOCK, | 64 | s = LANDLOCK_ACCESS_FS_MAKE_SOCK, |
| 65 | x = LANDLOCK_ACCESS_FS_EXECUTE; | 65 | x = LANDLOCK_ACCESS_FS_EXECUTE; |
| 66 | char *resolved_path = NULL; | ||
| 66 | 67 | ||
| 67 | LL_PATH(basedir, rf|rd|w|c); | 68 | LL_PATH(basedir, rf|rd|w|c); |
| 68 | LL_PATH("/tmp", rf|rd|w|c); | 69 | LL_PATH("/tmp", rf|rd|w|c); |
| 69 | #ifndef WITHOUT_SHM | 70 | #ifndef WITHOUT_SHM |
| 70 | LL_PATH("/dev/shm", rf|w|c ); | 71 | LL_PATH("/dev/shm", rf|w|c ); |
| 71 | #endif | 72 | #endif |
| 73 | LL_PATH("/dev/urandom", rf ); | ||
| 72 | LL_PATH("/etc/resolv.conf", rf ); | 74 | LL_PATH("/etc/resolv.conf", rf ); |
| 73 | LL_PATH("/etc/hosts", rf ); | 75 | LL_PATH("/etc/hosts", rf ); |
| 74 | LL_PATH("/etc/ssl", rf ); | 76 | LL_PATH("/etc/ssl", rf|rd ); |
| 77 | if ((resolved_path = realpath("/etc/ssl/cert.pem", NULL))) { | ||
| 78 | /* some distros like cert.pem to be a symlink */ | ||
| 79 | LL_PATH(resolved_path, rf ); | ||
| 80 | free(resolved_path); | ||
| 81 | } | ||
| 75 | LL_PATH("/usr/share/zoneinfo", rf ); | 82 | LL_PATH("/usr/share/zoneinfo", rf ); |
| 76 | 83 | ||
| 77 | if (mtime("/etc/pki") > 0) | 84 | if (mtime("/etc/pki") > 0) |