Added OpenBSD's unveil() and pledge() support.

author: Andrew Alderwick <andrew@alderwick.co.uk> 2023-01-13 13:25:14 +0100
committer: default <nobody@localhost> 2023-01-13 13:25:14 +0100
commit: 3cb1725225567211c85226498bbc038cfe78d4fe (patch)
tree: 2a916a33a975e3c96a70c7cf005432bbd3222629 /data.c
parent: a99f742d739048f42c0a079f6c28a2ae2b4b9f2f (diff)
1 files changed, 10 insertions, 6 deletions
diff --git a/data.c b/data.c
index 18efd92..5e6ce63 100644
--- a/data.c
+++ b/data.c
@@ -86,15 +86,19 @@ int srv_open(char *basedir, int auto_upgrade)
     if (error != NULL)
         srv_log(error);
 
-/* disabled temporarily; messages can't be sent (libcurl issue?) */
-#if 0
 #ifdef __OpenBSD__
     srv_debug(2, xs_fmt("Calling unveil()"));
-    unveil(basedir,     "rwc");
-    unveil("/usr/sbin", "x");
-    unveil(NULL,        NULL);
+    unveil(basedir,                "rwc");
+    unveil("/usr/sbin/sendmail",   "x");
+    unveil("/etc/resolv.conf",     "r");
+    unveil("/etc/hosts",           "r");
+    unveil("/etc/ssl/openssl.cnf", "r");
+    unveil("/etc/ssl/cert.pem",    "r");
+    unveil("/usr/share/zoneinfo",  "r");
+    unveil(NULL,                   NULL);
+    srv_debug(2, xs_fmt("Calling pledge()"));
+    pledge("stdio rpath wpath cpath flock inet proc exec dns", NULL);
 #endif /* __OpenBSD__ */
-#endif
 
     return ret;
 }
author	Andrew Alderwick <andrew@alderwick.co.uk>	2023-01-13 13:25:14 +0100
committer	default <nobody@localhost>	2023-01-13 13:25:14 +0100
commit	3cb1725225567211c85226498bbc038cfe78d4fe (patch)
tree	2a916a33a975e3c96a70c7cf005432bbd3222629 /data.c
parent	a99f742d739048f42c0a079f6c28a2ae2b4b9f2f (diff)