On OpenBSD, don't enable sendmail if email notifications are disabled.

author: default <nobody@localhost> 2024-04-02 17:44:27 +0200
committer: default <nobody@localhost> 2024-04-02 17:44:27 +0200
commit: b6f8d8e900fd7db1e8ffa886976f9ae4d520ba25 (patch)
tree: 02dc166b9347c9934288097ddc25aec172d69ab6 /data.c
parent: b8975b472d5668a8f56347077ff7262ef21be2cb (diff)
1 files changed, 11 insertions, 2 deletions
diff --git a/data.c b/data.c
index 142fe8c..7dd7d19 100644
--- a/data.c
+++ b/data.c
@@ -117,18 +117,27 @@ int srv_open(char *basedir, int auto_upgrade)
         srv_debug(1, xs_dup("OpenBSD security disabled by admin"));
     }
     else {
+        int smail = xs_type(xs_dict_get(srv_config, "disable_email_notifications")) != XSTYPE_TRUE;
+
         srv_debug(1, xs_fmt("Calling unveil()"));
         unveil(basedir,                "rwc");
         unveil("/tmp",                 "rwc");
-        unveil("/usr/sbin/sendmail",   "x");
         unveil("/etc/resolv.conf",     "r");
         unveil("/etc/hosts",           "r");
         unveil("/etc/ssl/openssl.cnf", "r");
         unveil("/etc/ssl/cert.pem",    "r");
         unveil("/usr/share/zoneinfo",  "r");
+
+        if (smail)
+            unveil("/usr/sbin/sendmail",   "x");
+
         unveil(NULL,                   NULL);
         srv_debug(1, xs_fmt("Calling pledge()"));
-        pledge("stdio rpath wpath cpath flock inet proc exec dns fattr", NULL);
+
+        if (smail)
+            pledge("stdio rpath wpath cpath flock inet proc exec dns fattr", NULL);
+        else
+            pledge("stdio rpath wpath cpath flock inet proc dns fattr", NULL);
     }
 #endif /* __OpenBSD__ */
author	default <nobody@localhost>	2024-04-02 17:44:27 +0200
committer	default <nobody@localhost>	2024-04-02 17:44:27 +0200
commit	b6f8d8e900fd7db1e8ffa886976f9ae4d520ba25 (patch)
tree	02dc166b9347c9934288097ddc25aec172d69ab6 /data.c
parent	b8975b472d5668a8f56347077ff7262ef21be2cb (diff)