| Commit message (Collapse) | Author | Files | Lines | ||
|---|---|---|---|---|---|
| 2026-02-05 | strip_exif support for the OpenBSD sandbox |  Alvar Penning | 1 | -1/+8 | |
| Change the strip_exif logic to work with the already existing OpenBSD sandbox and allow ffmpeg and mogrify to be executed. The previous strip_exif implementation relied on system(3), effectively starting "/bin/sh" and executing the required tool within a shell session. Making this work in the sandbox would require to allow executing "/bin/sh", rendering the sandbox useless. Thus, the code now starts determining the absolute path of the tools - unless they are given as ffmpeg_path or mogrify_path - and allowing them to be executed via unveil(2). Then, instead of the system(3) call, the good old fork(2) and execve(2) dance is performed. The sbox_enter code was made aware of strip_exif, which resulted in a pledge(2) violation before when disable_email_notifications was set to false. Furthermore, the detected paths of the tools are now allowed. | |||||
| 2025-06-04 | Minor tweak. |  grunfink | 1 | -2/+3 | |
| 2025-06-04 | Don't enable unveil() and pledge() for sendmail spawn if "smtp_url" is set. | grunfink | 1 | -0/+5 | |
| 2025-06-03 | Fixed regression while sending email via pipe on OpenBSD. | grunfink | 1 | -0/+8 | |
| 2025-04-29 | allow sandbox to work with changed config values |  shtrophic | 1 | -5/+4 | |
| 2025-01-23 | Sandbox fixes | shtrophic | 1 | -1/+8 | |
| - allow reading `/dev/urandom` as it is shown as a failed syscall when tracing - resolve `/etc/ssl/cert.pem` in case it is a symlink | |||||
| 2025-01-20 | add port parsing for sandboxing | shtrophic | 1 | -16/+15 | |
| 2025-01-06 | Don't fail Linux sandboxing if /usr/sbin/sendmail does not exist. |  default | 1 | -1/+1 | |
| 2025-01-06 | Minor rework to sandbox code. | default | 1 | -61/+59 | |
| 2025-01-06 | Fixed sandboxing of the unix socket. | default | 1 | -2/+8 | |
| 2025-01-05 | Disable sandboxing by default for now. | default | 1 | -5/+10 | |
| 2025-01-05 | Fixed crash in sandbox code under OpenBSD. | default | 1 | -1/+0 | |
| 2025-01-05 | More sandbox compilation tweaks under Alpine Linux. | default | 1 | -0/+2 | |
| 2025-01-05 | Added some autodetection for Linux landlocking on older systems. | default | 1 | -4/+15 | |
| 2025-01-05 | New compilation variable WITHOUT_SANDBOX, to disable all sandboxing. | default | 1 | -0/+12 | |
| 2025-01-05 | Minor sandbox fix for Debian stable. | default | 1 | -2/+4 | |
| 2024-12-30 | use correct macros for compatibility | shtrophic | 1 | -9/+9 | |
| 2024-12-26 | use compat macros to compile on kernels without LANDLOCK_ACCESS_NET_* | shtrophic | 1 | -3/+3 | |
| 2024-12-08 | don't try to make files directory-readable | shtrophic | 1 | -22/+22 | |
| 2024-12-08 | make log output specific to landlock status | shtrophic | 1 | -3/+4 | |
| 2024-12-08 | cleanup rules | shtrophic | 1 | -23/+29 | |
| 2024-12-05 | import landloc.h | shtrophic | 1 | -129/+44 | |
| 2024-11-19 | make sendmail executable if configured | shtrophic | 1 | -1/+4 | |
| 2024-11-19 | only rwc /dev/shm when WITHOUT_SHM is undefined | shtrophic | 1 | -0/+2 | |
| 2024-11-16 | remove unused headers | shtrophic | 1 | -2/+1 | |
| 2024-11-16 | add distinction between RWC with directories and without, include FS_REFER ↵ | shtrophic | 1 | -11/+14 | |
| permission | |||||
| 2024-11-16 | sandboxing port to linux via landlock | shtrophic | 1 | -0/+184 | |
 |
index : snac2 | |
| Mirror of https://codeberg.org/grunfink/snac2 | git |
| summaryrefslogtreecommitdiff |