1 /*
2  * Copyright (c) 2021 Omar Polo <op@omarpolo.com>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include "gmid.h"
18 #include "log.h"
19 
20 #if defined(__OpenBSD__)
21 
22 #include <unistd.h>
23 
24 void
25 sandbox_main_process(void)
26 {
27 	if (pledge("stdio rpath inet dns sendfd proc", NULL) == -1)
28 		fatal("pledge");
29 }
30 
31 void
32 sandbox_server_process(void)
33 {
34 	if (pledge("stdio recvfd rpath unix inet dns", NULL) == -1)
35 		fatal("pledge");
36 }
37 
38 void
39 sandbox_logger_process(void)
40 {
41 	if (pledge("stdio recvfd", NULL) == -1)
42 		fatal("pledge");
43 }
44 
45 #else
46 
47 #warning "No sandbox method known for this OS"
48 
49 void
50 sandbox_main_process(void)
51 {
52 	return;
53 }
54 
55 void
56 sandbox_server_process(void)
57 {
58 	return;
59 }
60 
61 void
62 sandbox_logger_process(void)
63 {
64 	return;
65 }
66 
67 #endif