/*
 * ISC License
 * Copyright (c) 2023 RMF <rawmonk@firemail.cc>
 */
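#ifndef SANDBOX_H
#define SANDBOX_H

/*
 * Build-time description of the sandbox compiled into the program.
 *
 * The SANDBOX_* strings and NO_SANDBOX are chosen purely by the preprocessor:
 * target OS, DISABLE_SANDBOX, ENABLE_SECCOMP_FILTER and whether
 * <linux/landlock.h> exists on the build host. They state what the build was
 * configured for; nothing in this header checks what the running kernel
 * enforces.
 * NOTE(review): callers presumably have to check the int results of
 * sandbox_init()/sandbox_isolate() before trusting these strings - confirm
 * against the implementation.
 *
 * The include guard matters here: a second inclusion would otherwise
 * re-#define the defaults below over the platform-specific values, which is a
 * macro redefinition with a different replacement list.
 */

/* Defaults, kept whenever no platform section below overrides them. */
#define SANDBOX_INFO "The program is not sandboxed"
#define SANDBOX_FILESYSTEM "Unrestricted"
#define SANDBOX_IPC "Unrestricted"
#define SANDBOX_DEVICE "Unrestricted"
#define SANDBOX_PARSER "Disabled"
#define NO_SANDBOX

/*
 * Defining DISABLE_SANDBOX at build time skips every platform section, so the
 * defaults above and NO_SANDBOX stay in effect.
 */
#ifndef DISABLE_SANDBOX

#ifdef __linux__
/*
 * HAS_LANDLOCK follows the kernel headers of the build host. __has_include is
 * used unguarded, so a preprocessor without it stops the build here instead
 * of silently dropping Landlock.
 * NOTE(review): a binary built with HAS_LANDLOCK can still run on a kernel
 * without Landlock; SANDBOX_FILESYSTEM would then still read "Restricted".
 * Confirm how the implementation handles that case.
 */
#if __has_include(<linux/landlock.h>)
#define HAS_LANDLOCK
#endif
#undef NO_SANDBOX
#undef SANDBOX_INFO
#if defined (ENABLE_SECCOMP_FILTER) && defined (HAS_LANDLOCK)
#define SANDBOX_INFO "Sandboxed using landlock(7) and seccomp(2)"
#elif defined (HAS_LANDLOCK)
#define SANDBOX_INFO "Sandboxed using landlock(7)"
#elif defined (ENABLE_SECCOMP_FILTER)
#define SANDBOX_INFO "Sandboxed using seccomp(2)"
#else
/*
 * Neither Landlock nor ENABLE_SECCOMP_FILTER: filesystem, IPC and device
 * access all keep the default "Unrestricted".
 */
#define SANDBOX_INFO "Only the parsers are sandboxed using seccomp(2)"
#endif
#ifdef HAS_LANDLOCK
#undef SANDBOX_FILESYSTEM
#define SANDBOX_FILESYSTEM "Restricted"
#endif
#ifdef ENABLE_SECCOMP_FILTER
#undef SANDBOX_IPC
#define SANDBOX_IPC "Restricted"
#undef SANDBOX_DEVICE
#define SANDBOX_DEVICE "Restricted"
#endif
#undef SANDBOX_PARSER
#define SANDBOX_PARSER "Enabled"
#endif

#ifdef __OpenBSD__
#undef NO_SANDBOX
#undef SANDBOX_INFO
#define SANDBOX_INFO "Sandboxed using pledge(2) and unveil(2)"
#undef SANDBOX_FILESYSTEM
#define SANDBOX_FILESYSTEM "Restricted"
#undef SANDBOX_IPC
#define SANDBOX_IPC "Restricted"
#undef SANDBOX_DEVICE
#define SANDBOX_DEVICE "Restricted"
#undef SANDBOX_PARSER
#define SANDBOX_PARSER "Enabled"
#endif

#ifdef __FreeBSD__
#undef NO_SANDBOX
#undef SANDBOX_INFO
#define SANDBOX_INFO "Sandboxed using capsicum(4) and cap_net(3)"
#undef SANDBOX_FILESYSTEM
#define SANDBOX_FILESYSTEM "Restricted"
#undef SANDBOX_IPC
#define SANDBOX_IPC "Restricted"
#undef SANDBOX_DEVICE
#define SANDBOX_DEVICE "Restricted"
#undef SANDBOX_PARSER
#define SANDBOX_PARSER "Enabled"
/*
 * Declared on FreeBSD only.
 * NOTE(review): presumably stand-ins for getaddrinfo(3) and connect(2) that
 * go through cap_net(3) - confirm against the implementation. hints, res and
 * name are untyped void * here, so the compiler cannot check what callers
 * pass, and namelen is a plain int.
 */
int sandbox_getaddrinfo(const char *hostname, const char *servname,
			void *hints, void *res);
int sandbox_connect(int s, void *name, int namelen);
#endif

/*
 * SANDBOX_FILESYSTEM is not overridden in this section, so it keeps the
 * default "Unrestricted".
 * NOTE(review): `sun` is not a reserved identifier and compilers may leave it
 * undefined in strict ISO mode (e.g. -std=c11); this section would then be
 * skipped and NO_SANDBOX would stay defined. If strict mode is a supported
 * build, test __sun as well, here and in the implementation file together.
 */
#ifdef sun
#undef NO_SANDBOX
#undef SANDBOX_INFO
#define SANDBOX_INFO "Sandboxed using privileges(7)"
#undef SANDBOX_IPC
#define SANDBOX_IPC "Restricted"
#undef SANDBOX_DEVICE
#define SANDBOX_DEVICE "Restricted"
#undef SANDBOX_PARSER
#define SANDBOX_PARSER "Enabled"
#endif

#endif

/*
 * Sandbox entry points, declared on every platform (also when NO_SANDBOX is
 * defined); their behaviour is defined by the implementation, not visible
 * here.
 * NOTE(review): the empty parentheses declare sandbox_init() and
 * sandbox_isolate() without a prototype (before C23), so a call with stray
 * arguments is not diagnosed. Switch to (void) once the definitions are
 * confirmed to take no parameters.
 */
int sandbox_init();
int sandbox_isolate();
int sandbox_set_name(const char*);

#endif /* SANDBOX_H */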
90