1 dafb57b8 2021-01-15 op #include "gmid.h"
3 dafb57b8 2021-01-15 op #if defined(__FreeBSD__)
5 dafb57b8 2021-01-15 op #include <sys/capsicum.h>
6 dafb57b8 2021-01-15 op #include <err.h>
11 dafb57b8 2021-01-15 op struct vhost *h;
12 dafb57b8 2021-01-15 op int has_cgi = 0;
14 dafb57b8 2021-01-15 op for (h = hosts; h->domain != NULL; ++h)
15 dafb57b8 2021-01-15 op if (h->cgi != NULL)
18 dafb57b8 2021-01-15 op if (cap_enter() == -1)
19 dafb57b8 2021-01-15 op err(1, "cap_enter");
22 dafb57b8 2021-01-15 op #elif defined(__linux__)
27 dafb57b8 2021-01-15 op /* TODO: seccomp */
30 dafb57b8 2021-01-15 op #elif defined(__OpenBSD__)
32 dafb57b8 2021-01-15 op #include <err.h>
33 dafb57b8 2021-01-15 op #include <unistd.h>
38 dafb57b8 2021-01-15 op struct vhost *h;
40 dafb57b8 2021-01-15 op for (h = hosts; h->domain != NULL; ++h) {
41 dafb57b8 2021-01-15 op if (unveil(h->dir, "rx") == -1)
42 dafb57b8 2021-01-15 op err(1, "unveil %s for domain %s", h->dir, h->domain);
45 881a9dd9 2021-01-16 op if (pledge("stdio recvfd rpath inet", NULL) == -1)
46 dafb57b8 2021-01-15 op err(1, "pledge");
54 dafb57b8 2021-01-15 op LOGN(NULL, "%s", "no sandbox method known for this OS");