

1 e29dbd72 2021-01-23 op /*
2 1a49166d 2021-01-23 op * Copyright (c) 2021 Omar Polo <op@omarpolo.com>
3 e29dbd72 2021-01-23 op *
4 e29dbd72 2021-01-23 op * Permission to use, copy, modify, and distribute this software for any
5 e29dbd72 2021-01-23 op * purpose with or without fee is hereby granted, provided that the above
6 e29dbd72 2021-01-23 op * copyright notice and this permission notice appear in all copies.
7 e29dbd72 2021-01-23 op *
8 e29dbd72 2021-01-23 op * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 e29dbd72 2021-01-23 op * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 e29dbd72 2021-01-23 op * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 e29dbd72 2021-01-23 op * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 e29dbd72 2021-01-23 op * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 e29dbd72 2021-01-23 op * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 e29dbd72 2021-01-23 op * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 e29dbd72 2021-01-23 op */
16 e29dbd72 2021-01-23 op
17 dafb57b8 2021-01-15 op #include "gmid.h"
18 eae52ad4 2023-06-06 op #include "log.h"
19 71b7eb2f 2021-01-17 op
20 0b62f484 2023-05-08 op #if defined(__OpenBSD__)
21 71b7eb2f 2021-01-17 op
22 71b7eb2f 2021-01-17 op #include <unistd.h>
23 71b7eb2f 2021-01-17 op
/*
 * Restrict the main process with pledge(2).
 *
 * The promise set is "stdio rpath inet dns sendfd proc": read-only
 * filesystem access, networking and name resolution, passing file
 * descriptors to other processes, and process management.  There is
 * no "exec" promise, so per pledge(2) the process cannot execve(2)
 * after this call.  The execpromises argument is NULL.
 *
 * A pledge(2) failure is reported through fatal() (declared outside
 * this file; presumably it does not return -- confirm in log.h).
 */
void
sandbox_main_process(void)
{
	static const char promises[] = "stdio rpath inet dns sendfd proc";
	int rc;

	rc = pledge(promises, NULL);
	if (rc == -1)
		fatal("pledge");
}
30 c26f2460 2023-06-08 op
/*
 * Restrict the server process: first narrow its filesystem view with
 * unveil(2), then drop to a fixed pledge(2) promise set.
 *
 * Every location of every virtual host that has a non-empty dir gets
 * that directory unveiled with "rw".  The order matters: the pledge
 * that follows does not include the "unveil" promise, so no further
 * unveil(2) calls are possible afterwards.
 *
 * NOTE(review): the pledge has "rpath" but neither "wpath" nor
 * "cpath", while the directories are unveiled "rw".  Confirm the
 * write bit is really needed (for instance to connect(2) to unix
 * sockets below these directories) or narrow it to "r".
 *
 * NOTE(review): when no location has a non-empty dir, unveil(2) is
 * never called here and the filesystem view is not narrowed at all;
 * only the pledge applies.  Confirm that is the intended fallback.
 *
 * Failures are reported through fatal() (declared outside this file;
 * presumably it does not return -- confirm in log.h).
 */
void
sandbox_server_process(void)
{
	struct vhost	*host;
	struct location	*loc;
	const char	*root;

	TAILQ_FOREACH(host, &hosts, vhosts) {
		TAILQ_FOREACH(loc, &host->locations, locations) {
			root = loc->dir;

			/* Locations without a directory have nothing to unveil. */
			if (root[0] != '\0' && unveil(root, "rw") == -1)
				fatal("unveil %s for domain %s",
				    loc->dir,
				    host->domain);
		}
	}

	/* From here on: no new unveils, no exec, no write/create by path. */
	if (pledge("stdio recvfd rpath unix inet dns", NULL) == -1)
		fatal("pledge");
}
52 dafb57b8 2021-01-15 op
/*
 * Restrict the logger process with pledge(2).
 *
 * The promise set is only "stdio recvfd": the process may keep using
 * descriptors it already holds and may receive new ones from another
 * process, but it has no filesystem-path or network promises, so it
 * cannot open files or sockets on its own.  The execpromises argument
 * is NULL.
 *
 * A pledge(2) failure is reported through fatal() (declared outside
 * this file; presumably it does not return -- confirm in log.h).
 */
void
sandbox_logger_process(void)
{
	static const char promises[] = "stdio recvfd";
	int rc;

	rc = pledge(promises, NULL);
	if (rc == -1)
		fatal("pledge");
}
59 62e001b0 2021-03-20 op
60 62e001b0 2021-03-20 op #else
61 62e001b0 2021-03-20 op
62 62e001b0 2021-03-20 op #warning "No sandbox method known for this OS"
63 62e001b0 2021-03-20 op
/*
 * Fallback for platforms without a known sandbox method (see the
 * #warning emitted for this branch): does nothing, so the server
 * process keeps whatever filesystem and syscall access it started
 * with.
 *
 * NOTE(review): this branch provides no sandbox_main_process() stub,
 * unlike the OpenBSD branch.  Confirm every caller is guarded, or add
 * a matching no-op here.
 */
void
sandbox_server_process(void)
{
	/* intentionally empty: no sandbox is applied on this OS */
}
69 62e001b0 2021-03-20 op
/*
 * Fallback for platforms without a known sandbox method (see the
 * #warning emitted for this branch): does nothing, so the logger
 * process runs without any restriction applied by this file.
 */
void
sandbox_logger_process(void)
{
	/* intentionally empty: no sandbox is applied on this OS */
}
75 62e001b0 2021-03-20 op
76 dafb57b8 2021-01-15 op #endif