💾 Archived View for gemini.rmf-dev.com › repo › Vaati › Vgmi › files › bc59cdcd89699502973750e895a3a… captured on 2024-02-05 at 10:02:42. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
0 /*
1 * ISC License
2 * Copyright (c) 2023 RMF <rawmonk@firemail.cc>
3 */
4 #if defined (__OpenBSD__) && !defined (DISABLE_SANDBOX)
5 #include <stdio.h>
6 #include <stdlib.h>
7 #include <unistd.h>
8 #include "macro.h"
9 #include "sandbox.h"
10 #include "storage.h"
11 #include "error.h"
12
13 int sandbox_init(void) {
14
15 char path[2048], download_path[2048];
16 int ret;
17
18 if ((ret = storage_path(V(path)))) return ret;
19 if ((ret = storage_download_path(V(download_path)))) return ret;
20 if (unveil("/etc/resolv.conf", "r")) return ERROR_SANDBOX_FAILURE;
21 if (unveil("/etc/hosts", "r")) return ERROR_SANDBOX_FAILURE;
22 if (unveil(path, "rwc")) return ERROR_SANDBOX_FAILURE;
23 if (unveil(download_path, "rwc")) return ERROR_SANDBOX_FAILURE;
24 if (unveil(NULL, NULL)) return ERROR_SANDBOX_FAILURE;
25
26 if (pledge("tty stdio inet dns rpath wpath cpath", ""))
27 return ERROR_SANDBOX_FAILURE;
28
29 return 0;
30 }
31
32 int sandbox_isolate(void) {
33 if (unveil(NULL, NULL)) return ERROR_SANDBOX_FAILURE;
34 if (pledge("stdio", "")) return ERROR_SANDBOX_FAILURE;
35 return 0;
36 }
37
38 int sandbox_set_name(const char *name) {
39 setproctitle("%s", name);
40 return 0;
41 }
42 #else
43 typedef int hide_warning;
44 #endif
45