From: kristaps@mdocml.bsd.lv
To: source@mdocml.bsd.lv
Subject: mdocml: Add support for Mac OS X's sandbox_init(3) sandbox
Date: Tue, 12 Jul 2016 00:19:08 -0500 (EST) [thread overview]
Message-ID: <13170614255633224307.enqueue@fantadrom.bsd.lv> (raw)
Log Message:
-----------
Add support for Mac OS X's sandbox_init(3) sandbox functionality, which
is marked as DEPRECATED in OS X after 2011 or so, but has not been
removed and has no replacement.
ok schwarze@
Modified Files:
--------------
mdocml:
Makefile
configure
main.c
mandocdb.c
Added Files:
-----------
mdocml:
test-sandbox_init.c
Revision Data
-------------
Index: configure
===================================================================
RCS file: /home/cvs/mdocml/mdocml/configure,v
retrieving revision 1.39
retrieving revision 1.40
diff -Lconfigure -Lconfigure -u -p -r1.39 -r1.40
--- configure
+++ configure
@@ -58,6 +58,7 @@ HAVE_PROGNAME=
HAVE_REALLOCARRAY=
HAVE_REWB_BSD=
HAVE_REWB_SYSV=
+HAVE_SANDBOX_INIT=
HAVE_STRCASESTR=
HAVE_STRINGLIST=
HAVE_STRLCAT=
@@ -186,6 +187,7 @@ runtest isblank ISBLANK || true
runtest mkdtemp MKDTEMP || true
runtest mmap MMAP || true
runtest pledge PLEDGE || true
+runtest sandbox_init SANDBOX_INIT || true
runtest progname PROGNAME || true
runtest reallocarray REALLOCARRAY || true
runtest rewb-bsd REWB_BSD || true
@@ -317,6 +319,7 @@ cat << __HEREDOC__
#define HAVE_REALLOCARRAY ${HAVE_REALLOCARRAY}
#define HAVE_REWB_BSD ${HAVE_REWB_BSD}
#define HAVE_REWB_SYSV ${HAVE_REWB_SYSV}
+#define HAVE_SANDBOX_INIT ${HAVE_SANDBOX_INIT}
#define HAVE_STRCASESTR ${HAVE_STRCASESTR}
#define HAVE_STRINGLIST ${HAVE_STRINGLIST}
#define HAVE_STRLCAT ${HAVE_STRLCAT}
--- /dev/null
+++ test-sandbox_init.c
@@ -0,0 +1,13 @@
+#include <sandbox.h>
+
+int
+main(void)
+{
+ char *ep;
+ int rc;
+
+ rc = sandbox_init(kSBXProfileNoInternet, SANDBOX_NAMED, &ep);
+ if (-1 == rc)
+ sandbox_free_error(ep);
+ return(-1 == rc);
+}
Index: main.c
===================================================================
RCS file: /home/cvs/mdocml/mdocml/main.c,v
retrieving revision 1.268
retrieving revision 1.269
diff -Lmain.c -Lmain.c -u -p -r1.268 -r1.269
--- main.c
+++ main.c
@@ -30,6 +30,9 @@
#include <errno.h>
#include <fcntl.h>
#include <glob.h>
+#if HAVE_SANDBOX_INIT
+#include <sandbox.h>
+#endif
#include <signal.h>
#include <stdio.h>
#include <stdint.h>
@@ -157,6 +160,11 @@ main(int argc, char *argv[])
#if HAVE_PLEDGE
if (pledge("stdio rpath tmppath tty proc exec flock", NULL) == -1)
err((int)MANDOCLEVEL_SYSERR, "pledge");
+#endif
+
+#if HAVE_SANDBOX_INIT
+ if (sandbox_init(kSBXProfileNoInternet, SANDBOX_NAMED, NULL) == -1)
+ errx((int)MANDOCLEVEL_SYSERR, "sandbox_init");
#endif
/* Search options. */
Index: mandocdb.c
===================================================================
RCS file: /home/cvs/mdocml/mdocml/mandocdb.c,v
retrieving revision 1.217
retrieving revision 1.218
diff -Lmandocdb.c -Lmandocdb.c -u -p -r1.217 -r1.218
--- mandocdb.c
+++ mandocdb.c
@@ -34,6 +34,9 @@
#include "compat_fts.h"
#endif
#include <limits.h>
+#if HAVE_SANDBOX_INIT
+#include <sandbox.h>
+#endif
#include <stddef.h>
#include <stdio.h>
#include <stdint.h>
@@ -341,6 +344,13 @@ mandocdb(int argc, char *argv[])
#if HAVE_PLEDGE
if (pledge("stdio rpath wpath cpath fattr flock proc exec", NULL) == -1) {
warn("pledge");
+ return (int)MANDOCLEVEL_SYSERR;
+ }
+#endif
+
+#if HAVE_SANDBOX_INIT
+ if (sandbox_init(kSBXProfileNoInternet, SANDBOX_NAMED, NULL) == -1) {
+ warnx("sandbox_init");
return (int)MANDOCLEVEL_SYSERR;
}
#endif
Index: Makefile
===================================================================
RCS file: /home/cvs/mdocml/mdocml/Makefile,v
retrieving revision 1.487
retrieving revision 1.488
diff -LMakefile -LMakefile -u -p -r1.487 -r1.488
--- Makefile
+++ Makefile
@@ -33,6 +33,7 @@ TESTSRCS = test-dirent-namlen.c \
test-reallocarray.c \
test-rewb-bsd.c \
test-rewb-sysv.c \
+ test-sandbox_init.c \
test-sqlite3.c \
test-sqlite3_errstr.c \
test-strcasestr.c \
--
To unsubscribe send an email to source+unsubscribe@mdocml.bsd.lv
reply other threads:[~2016-07-12 5:19 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=13170614255633224307.enqueue@fantadrom.bsd.lv \
--to=kristaps@mdocml.bsd.lv \
--cc=source@mdocml.bsd.lv \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).