| | Commit message | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | strip_exif support for the OpenBSD sandbox | 8 days | 1 | -1/+8 | |
| | Change the strip_exif logic to work with the already existing OpenBSD sandbox and allow ffmpeg and mogrify to be executed. The previous strip_exif implementation relied on system(3), effectively starting "/bin/sh" and executing the required tool within a shell session. Making this work in the sandbox would require allowing "/bin/sh" to be executed, rendering the sandbox useless. Thus, the code now starts determining the absolute path of the tools - unless they are given as ffmpeg_path or mogrify_path - and allowing them to be executed via unveil(2). Then, instead of the system(3) call, the good old fork(2) and execve(2) dance is performed. The sbox_enter code was made aware of strip_exif, which resulted in a pledge(2) violation before when disable_email_notifications was set to false. Furthermore, the detected paths of the tools are now allowed. | | | | |
| * | Minor tweak. | 2025-06-04 | 1 | -2/+3 | |
| | | |||||
| * | Don't enable unveil() and pledge() for sendmail spawn if "smtp_url" is set. | 2025-06-04 | 1 | -0/+5 | |
| | | |||||
| * | Fixed regression while sending email via pipe on OpenBSD. | 2025-06-03 | 1 | -0/+8 | |
| | | |||||
| * | allow sandbox to work with changed config values | 2025-04-29 | 1 | -5/+4 | |
| | | |||||
| * | Merge remote-tracking branch 'upstream/master' into curl-smtp | 2025-01-24 | 1 | -1/+8 | |
| |\ | |||||
| | * | Sandbox fixes | 2025-01-23 | 1 | -1/+8 | |
| | | | - allow reading `/dev/urandom` as it is shown as a failed syscall when tracing - resolve `/etc/ssl/cert.pem` in case it is a symlink | | | | |
| * | | add port parsing for sandboxing | 2025-01-20 | 1 | -16/+15 | |
| |/ | |||||
| * | Don't fail Linux sandboxing if /usr/sbin/sendmail does not exist. | 2025-01-06 | 1 | -1/+1 | |
| | | |||||
| * | Minor rework to sandbox code. | 2025-01-06 | 1 | -61/+59 | |
| | | |||||
| * | Fixed sandboxing of the unix socket. | 2025-01-06 | 1 | -2/+8 | |
| | | |||||
| * | Disable sandboxing by default for now. | 2025-01-05 | 1 | -5/+10 | |
| | | |||||
| * | Fixed crash in sandbox code under OpenBSD. | 2025-01-05 | 1 | -1/+0 | |
| | | |||||
| * | More sandbox compilation tweaks under Alpine Linux. | 2025-01-05 | 1 | -0/+2 | |
| | | |||||
| * | Added some autodetection for Linux landlocking on older systems. | 2025-01-05 | 1 | -4/+15 | |
| | | |||||
| * | New compilation variable WITHOUT_SANDBOX, to disable all sandboxing. | 2025-01-05 | 1 | -0/+12 | |
| | | |||||
| * | Minor sandbox fix for Debian stable. | 2025-01-05 | 1 | -2/+4 | |
| | | |||||
| * | use correct macros for compatibility | 2024-12-30 | 1 | -9/+9 | |
| | | |||||
| * | use compat macros to compile on kernels without LANDLOCK_ACCESS_NET_* | 2024-12-26 | 1 | -3/+3 | |
| | | |||||
| * | don't try to make files directory-readable | 2024-12-08 | 1 | -22/+22 | |
| | | |||||
| * | make log output specific to landlock status | 2024-12-08 | 1 | -3/+4 | |
| | | |||||
| * | cleanup rules | 2024-12-08 | 1 | -23/+29 | |
| | | |||||
| * | import landloc.h | 2024-12-05 | 1 | -129/+44 | |
| | | |||||
| * | make sendmail executable if configured | 2024-11-19 | 1 | -1/+4 | |
| | | |||||
| * | only rwc /dev/shm when WITHOUT_SHM is undefined | 2024-11-19 | 1 | -0/+2 | |
| | | |||||
| * | remove unused headers | 2024-11-16 | 1 | -2/+1 | |
| | | |||||
| * | add distinction between RWC with directories and without, include FS_REFER permission | 2024-11-16 | 1 | -11/+14 | |
| * | sandboxing port to linux via landlock | 2024-11-16 | 1 | -0/+184 | |