
0 /*

1 * ISC License

2 * Copyright (c) 2023 RMF <rawmonk@firemail.cc>

3 */

4 #if defined (sun) && !defined (DISABLE_SANDBOX)

5 #include <stdio.h>

6 #include <stdlib.h>

7 #include <unistd.h>

8 #include <priv.h>

9 #include "error.h"

10

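/*
 * Restrict the calling process to the privileges named in `privs`.
 *
 * privs: NULL-terminated array of privilege names. An array that holds
 *        only the terminator requests an empty set. A NULL array is
 *        rejected.
 *
 * The same set is applied with PRIV_SET to the permitted, limit and
 * inheritable sets, in that order. The effective set is never passed to
 * setppriv() here.
 * NOTE(review): this presumably relies on the kernel trimming the
 * effective set when the permitted set shrinks -- confirm against
 * privileges(5) for the targeted releases.
 *
 * Returns 0 on success and -1 on failure. The three setppriv() calls are
 * not atomic: if a later call fails, the sets already replaced stay
 * replaced. A caller must therefore treat -1 as "sandbox not established"
 * and stop, rather than carry on with whatever privileges remain.
 */
int init_privs(const char **privs) {
	priv_set_t *pset;
	int ret = -1;

	/* Fail closed: without a list there is nothing to restrict to. */
	if (privs == NULL) return -1;
	if ((pset = priv_allocset()) == NULL) return -1;
	priv_emptyset(pset);
	for (int i = 0; privs[i]; i++) {
		/* An unknown privilege name aborts before any set is changed. */
		if (priv_addset(pset, privs[i])) goto out;
	}
	if (setppriv(PRIV_SET, PRIV_PERMITTED, pset) ||
	    setppriv(PRIV_SET, PRIV_LIMIT, pset) ||
	    setppriv(PRIV_SET, PRIV_INHERITABLE, pset)) {
		goto out;
	}
	ret = 0;
out:
	/* Release the set on every path, including the failure paths. */
	priv_freeset(pset);
	return ret;
}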

26

/*
 * Apply the first sandbox stage.
 *
 * Hands init_privs() a list naming network access, file read and file
 * write. init_privs() installs that list as the permitted, limit and
 * inheritable privilege sets of the process.
 *
 * Returns 0 on success and ERROR_SANDBOX_FAILURE when init_privs()
 * reports a failure. A failure means the restriction may be absent or only
 * partly applied, so the caller should not continue as if sandboxed.
 */
int sandbox_init() {
	const char *allowed[] = {
		PRIV_NET_ACCESS,
		PRIV_FILE_READ,
		PRIV_FILE_WRITE,
		NULL
	};

	return init_privs(allowed) ? ERROR_SANDBOX_FAILURE : 0;
}

33

/*
 * Drop to an empty privilege list.
 *
 * The list passed to init_privs() holds only the NULL terminator, so the
 * set installed as permitted, limit and inheritable contains no privilege.
 *
 * Returns 0 on success and ERROR_SANDBOX_FAILURE when init_privs()
 * reports a failure. On failure the process may still hold privileges,
 * and the caller should treat it as not isolated.
 */
int sandbox_isolate() {
	const char *none[] = { NULL };

	return init_privs(none) ? ERROR_SANDBOX_FAILURE : 0;
}

39

/*
 * No-op in this build: the name is ignored and 0 is returned for every
 * input, NULL included. The parameter is referenced only so that it does
 * not count as unused.
 */
int sandbox_set_name(const char *name) {
	(void)name;
	return 0;
}

44 #else

45 typedef int hide_warning; /* presumably a placeholder so this file is not an empty translation unit when the sandbox code above is compiled out -- confirm */

46 #endif

47