

commit - d29a2ee2246e1b1b0c5222a823820e42422c894e
commit + 1ab7c96bb305e818b5dfa3b525d5ff635ad12a0a
blob - c3ba0491522221278f4796f3d2a1c51c2827f002
blob + f9056f0b96c7b44619d014132a40a2946c1b86f7
--- gmid.h
+++ gmid.h
@@ -368,7 +368,6 @@ void		 fcgi_req(struct client *);
 
 /* sandbox.c */
 void		 sandbox_server_process(void);
-void		 sandbox_executor_process(void);
 void		 sandbox_logger_process(void);
 
 /* utf8.c */
blob - 45f175d8ee59374625f1428eb8d301f466505673
blob + 78fc079906d679e45ce03e8477bd58614288e2f3
--- sandbox.c
+++ sandbox.c
@@ -27,13 +27,6 @@ sandbox_server_process(void)
 }
 
 void
-sandbox_executor_process(void)
-{
-	log_notice(NULL, "Sandbox disabled!  "
-	    "Please report issues upstream instead of disabling the sandbox.");
-}
-
-void
 sandbox_logger_process(void)
 {
 	return;
@@ -51,16 +44,6 @@ sandbox_server_process(void)
 }
 
 void
-sandbox_executor_process(void)
-{
-	/*
-	 * We cannot capsicum the executor process because it needs to
-	 * fork(2)+execve(2) cgi scripts
-	 */
-	return;
-}
-
-void
 sandbox_logger_process(void)
 {
 	if (cap_enter() == -1)
@@ -578,18 +561,6 @@ sandbox_server_process(void)
 	if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) == -1)
 		fatal("%s: prctl(PR_SET_SECCOMP): %s\n",
 		    __func__, strerror(errno));
-}
-
-void
-sandbox_executor_process(void)
-{
-	/*
-	 * We cannot use seccomp for the executor process because we
-	 * don't know what the child will do.  Also, our filter will
-	 * be inherited so the child cannot set its own seccomp
-	 * policy.
-	 */
-	return;
 }
 
 void
@@ -643,48 +614,6 @@ sandbox_server_process(void)
 }
 
 void
-sandbox_executor_process(void)
-{
-	struct vhost	*h;
-	struct location	*l;
-	struct fcgi	*f;
-	size_t		 i;
-
-	TAILQ_FOREACH(h, &hosts, vhosts) {
-		TAILQ_FOREACH(l, &h->locations, locations) {
-			if (l->dir == NULL)
-				continue;
-
-			/* r so we can chdir into the directory */
-			if (unveil(l->dir, "rx") == -1)
-				fatal("unveil %s for domain %s",
-				    l->dir, h->domain);
-		}
-	}
-
-	for (i = 0; i < FCGI_MAX; i++) {
-		f = &fcgi[i];
-		if (f->path != NULL) {
-			if (unveil(f->path, "rw") == -1)
-				fatal("unveil %s", f->path);
-		}
-
-		if (f->prog != NULL) {
-			if (unveil(f->prog, "rx") == -1)
-				fatal("unveil %s", f->prog);
-		}
-	}
-
-	/*
-	 * rpath: to chdir into the correct directory
-	 * proc exec: CGI
-	 * dns inet unix: FastCGI
-	 */
-	if (pledge("stdio rpath sendfd proc exec dns inet unix", NULL))
-		err(1, "pledge");
-}
-
-void
 sandbox_logger_process(void)
 {
 	if (pledge("stdio recvfd", NULL) == -1)
@@ -702,12 +631,6 @@ sandbox_server_process(void)
 }
 
 void
-sandbox_executor_process(void)
-{
-	log_notice(NULL, "no sandbox method known for this OS");
-}
-
-void
 sandbox_logger_process(void)
 {
 	return;