0 /*
1 * ISC License
2 * Copyright (c) 2023 RMF <rawmonk@firemail.cc>
3 */
4 #if defined (sun) && !defined (DISABLE_SANDBOX)
5 #include <stdio.h>
6 #include <stdlib.h>
7 #include <unistd.h>
8 #include <priv.h>
9 #include "error.h"
10
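/*
 * Replace the process's permitted, limit and inheritable privilege sets
 * with exactly the privileges named in `privs`.
 *
 * privs: NULL-terminated array of privilege names. An array that holds
 *        only the terminator produces empty sets.
 *
 * Returns 0 on success, or -1 when `privs` is NULL, the set cannot be
 * allocated, priv_addset() rejects a name, or any setppriv() call fails.
 *
 * The three setppriv() calls are not atomic: if a later call fails, an
 * earlier one has already been applied, so the process may be left
 * partially restricted. The callers in this file map -1 to
 * ERROR_SANDBOX_FAILURE.
 *
 * NOTE(review): the effective set is never set explicitly here. This
 * relies on the kernel removing from the effective set whatever is
 * removed from the permitted set -- confirm against setppriv(2) on the
 * target platform.
 */
int init_privs(const char **privs) {
	priv_set_t *pset;
	int ret = -1;

	if (privs == NULL) return -1;
	if ((pset = priv_allocset()) == NULL) return -1;
	priv_emptyset(pset);
	for (int i = 0; privs[i]; i++) {
		/* Unknown privilege name: fail closed instead of continuing
		 * with a set that differs from what was requested. */
		if (priv_addset(pset, privs[i])) goto cleanup;
	}
	if (setppriv(PRIV_SET, PRIV_PERMITTED, pset) ||
	    setppriv(PRIV_SET, PRIV_LIMIT, pset) ||
	    setppriv(PRIV_SET, PRIV_INHERITABLE, pset)) {
		goto cleanup;
	}
	ret = 0;
cleanup:
	/* Release the set on every path; the error returns used to leak it. */
	priv_freeset(pset);
	return ret;
}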
26
/*
 * First sandbox stage: restrict the process to network access, file read
 * and file write. Any privilege not listed below is absent from the
 * permitted, limit and inheritable sets after this call succeeds.
 *
 * Returns 0 on success, ERROR_SANDBOX_FAILURE if init_privs() fails.
 */
int sandbox_init() {
	const char *allowed[] = {
		PRIV_NET_ACCESS,
		PRIV_FILE_READ,
		PRIV_FILE_WRITE,
		NULL
	};

	return init_privs(allowed) ? ERROR_SANDBOX_FAILURE : 0;
}
33
/*
 * Full isolation: install empty permitted, limit and inheritable sets, so
 * no privilege is requested at all.
 *
 * Returns 0 on success, ERROR_SANDBOX_FAILURE if init_privs() fails.
 *
 * NOTE(review): presumably descriptors opened before this call stay
 * usable while new opens and connections are refused -- confirm against
 * the caller's expectations.
 */
int sandbox_isolate() {
	const char *none[] = { NULL };

	return init_privs(none) ? ERROR_SANDBOX_FAILURE : 0;
}
39
/*
 * No-op in this backend: the name is ignored and 0 is always returned.
 * The parameter is referenced only so the compiler does not report it as
 * unused.
 */
int sandbox_set_name(const char *name) {
	(void)name;
	return 0;
}
44 #else
/* Placeholder declaration for builds where the sandbox code above is
 * compiled out; judging by its name it exists to keep the translation
 * unit non-empty so the compiler does not warn. */
typedef int hide_warning;
46 #endif
47