From 89c1a4a94b1032aed3af293c0f04d7a8f058ccda Mon Sep 17 00:00:00 2001
From: grunfink
Date: Tue, 3 Jun 2025 03:31:31 +0200
Subject: Fixed regression while sending email via pipe on OpenBSD.
---
 sandbox.c | 8 ++++++++
 1 file changed, 8 insertions(+) (limited to 'sandbox.c')
diff --git a/sandbox.c b/sandbox.c
index 1ea9c1c..9e06155 100644
--- a/sandbox.c
+++ b/sandbox.c
@@ -13,6 +13,8 @@ void sbox_enter(const char *basedir)
 return;
 }
+ int smail = !xs_is_true(xs_dict_get(srv_config, "disable_email_notifications"));
+
 srv_debug(1, xs_fmt("Calling unveil()"));
 unveil(basedir, "rwc");
 unveil("/tmp", "rwc");
@@ -25,6 +27,9 @@ void sbox_enter(const char *basedir)
 if (*address == '/')
 unveil(address, "rwc");
+ if (smail)
+ unveil("/usr/sbin/sendmail", "x");
+
 unveil(NULL, NULL);
 srv_debug(1, xs_fmt("Calling pledge()"));
@@ -34,6 +39,9 @@ void sbox_enter(const char *basedir)
 if (*address == '/')
 p = xs_str_cat(p, " unix");
+ if (smail)
+ p = xs_str_cat(p, " exec");
+
 pledge(p, NULL);
 }
--
cgit v1.2.3

From c2cac572e9e51fc91296e0aa86ed3e165a75dd2d Mon Sep 17 00:00:00 2001
From: grunfink
Date: Wed, 4 Jun 2025 06:35:39 +0200
Subject: Don't enable unveil() and pledge() for sendmail spawn if "smtp_url" is set.
---
 sandbox.c | 5 +++++
 1 file changed, 5 insertions(+) (limited to 'sandbox.c')
diff --git a/sandbox.c b/sandbox.c
index 9e06155..a172f46 100644
--- a/sandbox.c
+++ b/sandbox.c
@@ -15,6 +15,11 @@ void sbox_enter(const char *basedir)
 int smail = !xs_is_true(xs_dict_get(srv_config, "disable_email_notifications"));
+ const char *url = xs_dict_get(srv_config, "smtp_url");
+
+ if (xs_is_string(url) && *url)
+ smail = 0;
+
 srv_debug(1, xs_fmt("Calling unveil()"));
 unveil(basedir, "rwc");
 unveil("/tmp", "rwc");
--
cgit v1.2.3

From f0509f8b2b8df704226a94e9af8c06c3065234d4 Mon Sep 17 00:00:00 2001
From: grunfink
Date: Wed, 4 Jun 2025 06:38:44 +0200
Subject: Minor tweak.
---
 sandbox.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'sandbox.c')
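Review bot: The new `unveil("/usr/sbin/sendmail", "x")` call in the `@@ -25,6 +27,9 @@` hunk of 89c1a4a ignores its return value, so a failed call (for example when that path does not exist on the host) leaves the server unable to run sendmail with nothing in the log to explain it. Checking the result, `if (unveil("/usr/sbin/sendmail", "x") == -1) srv_debug(1, xs_fmt("unveil() of sendmail failed"));`, would make the later mail failure diagnosable; the unveil() calls visible as context follow the same unchecked pattern and could get the same treatment. sbox_enter() starts and ends outside this hunk.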
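Review bot: Appending ` exec` to the promise string in the `@@ -34,6 +39,9 @@` hunk of 89c1a4a widens the sandbox for the whole lifetime of the server, and nothing at this site says why it is granted or what bounds it. Because `smail` is true whenever `disable_email_notifications` is not set to true, this is what an unmodified configuration gets. A comment above the `if (smail)`, such as `/* exec is needed only to spawn sendmail; the unveil("/usr/sbin/sendmail", "x") above limits which binary can be run */`, would keep the two `if (smail)` blocks tied together for the next editor. `pledge(p, NULL)` passes no execpromises, so the spawned program presumably starts unpledged, which is worth stating in the same comment if intended; the function begins outside this hunk.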
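Review bot: The `if (xs_is_string(url) && *url) smail = 0;` test in the `@@ -15,6 +15,11 @@` hunk of c2cac57 decides once, at sandbox entry, that the sendmail binary will never be needed, and the reason for that is recorded only in the commit subject. Pledge promises cannot be regained after they are dropped, so a mail path that still falls back to the sendmail pipe while `smtp_url` is set (not visible here) would fail inside the sandbox. I would add a comment above the test, `/* smtp_url set: mail is delivered over SMTP, so the sendmail unveil and the exec promise are not needed */`, and confirm that the sender never uses the pipe in that case. sbox_enter() continues outside this hunk.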
diff --git a/sandbox.c b/sandbox.c
index a172f46..c6cfdcb 100644
--- a/sandbox.c
+++ b/sandbox.c
@@ -13,12 +13,13 @@ void sbox_enter(const char *basedir)
 return;
 }
- int smail = !xs_is_true(xs_dict_get(srv_config, "disable_email_notifications"));
-
+ int smail;
 const char *url = xs_dict_get(srv_config, "smtp_url");
 if (xs_is_string(url) && *url)
 smail = 0;
+ else
+ smail = !xs_is_true(xs_dict_get(srv_config, "disable_email_notifications"));
 srv_debug(1, xs_fmt("Calling unveil()"));
 unveil(basedir, "rwc");
--
cgit v1.2.3
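Review bot: `int smail;` in the `@@ -13,12 +13,13 @@` hunk is now declared without a value, and this flag is what gates the sendmail unveil and the `exec` promise added by the earlier commits. Both branches assign it today, but initialising it fail-closed, `int smail = 0;`, means a later edit that adds a path without an assignment ends up with the narrower sandbox instead of an indeterminate read. The if/else can stay as written. The rest of sbox_enter() is outside this hunk.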