* mdocml: Add support for Mac OS X's sandbox_init(3) sandbox
@ 2016-07-12 5:19 kristaps
0 siblings, 0 replies; only message in thread
From: kristaps @ 2016-07-12 5:19 UTC (permalink / raw)
To: source
Log Message:
-----------
Add support for Mac OS X's sandbox_init(3) sandbox functionality, which
is marked as DEPRECATED in OS X after 2011 or so, but has not been
removed and has no replacement.
ok schwarze@
Modified Files:
--------------
mdocml:
Makefile
configure
main.c
mandocdb.c
Added Files:
-----------
mdocml:
test-sandbox_init.c
Revision Data
-------------
Index: configure
===================================================================
RCS file: /home/cvs/mdocml/mdocml/configure,v
retrieving revision 1.39
retrieving revision 1.40
diff -Lconfigure -Lconfigure -u -p -r1.39 -r1.40
--- configure
+++ configure
@@ -58,6 +58,7 @@ HAVE_PROGNAME=
HAVE_REALLOCARRAY=
HAVE_REWB_BSD=
HAVE_REWB_SYSV=
+HAVE_SANDBOX_INIT=
HAVE_STRCASESTR=
HAVE_STRINGLIST=
HAVE_STRLCAT=
@@ -186,6 +187,7 @@ runtest isblank ISBLANK || true
runtest mkdtemp MKDTEMP || true
runtest mmap MMAP || true
runtest pledge PLEDGE || true
+runtest sandbox_init SANDBOX_INIT || true
runtest progname PROGNAME || true
runtest reallocarray REALLOCARRAY || true
runtest rewb-bsd REWB_BSD || true
@@ -317,6 +319,7 @@ cat << __HEREDOC__
#define HAVE_REALLOCARRAY ${HAVE_REALLOCARRAY}
#define HAVE_REWB_BSD ${HAVE_REWB_BSD}
#define HAVE_REWB_SYSV ${HAVE_REWB_SYSV}
+#define HAVE_SANDBOX_INIT ${HAVE_SANDBOX_INIT}
#define HAVE_STRCASESTR ${HAVE_STRCASESTR}
#define HAVE_STRINGLIST ${HAVE_STRINGLIST}
#define HAVE_STRLCAT ${HAVE_STRLCAT}
--- /dev/null
+++ test-sandbox_init.c
@@ -0,0 +1,13 @@
+#include <sandbox.h>
+
+int
+main(void)
+{
+ char *ep;
+ int rc;
+
+ rc = sandbox_init(kSBXProfileNoInternet, SANDBOX_NAMED, &ep);
+ if (-1 == rc)
+ sandbox_free_error(ep);
+ return(-1 == rc);
+}
Index: main.c
===================================================================
RCS file: /home/cvs/mdocml/mdocml/main.c,v
retrieving revision 1.268
retrieving revision 1.269
diff -Lmain.c -Lmain.c -u -p -r1.268 -r1.269
--- main.c
+++ main.c
@@ -30,6 +30,9 @@
#include <errno.h>
#include <fcntl.h>
#include <glob.h>
+#if HAVE_SANDBOX_INIT
+#include <sandbox.h>
+#endif
#include <signal.h>
#include <stdio.h>
#include <stdint.h>
@@ -157,6 +160,11 @@ main(int argc, char *argv[])
#if HAVE_PLEDGE
if (pledge("stdio rpath tmppath tty proc exec flock", NULL) == -1)
err((int)MANDOCLEVEL_SYSERR, "pledge");
+#endif
+
+#if HAVE_SANDBOX_INIT
+ if (sandbox_init(kSBXProfileNoInternet, SANDBOX_NAMED, NULL) == -1)
+ errx((int)MANDOCLEVEL_SYSERR, "sandbox_init");
#endif
/* Search options. */
Index: mandocdb.c
===================================================================
RCS file: /home/cvs/mdocml/mdocml/mandocdb.c,v
retrieving revision 1.217
retrieving revision 1.218
diff -Lmandocdb.c -Lmandocdb.c -u -p -r1.217 -r1.218
--- mandocdb.c
+++ mandocdb.c
@@ -34,6 +34,9 @@
#include "compat_fts.h"
#endif
#include <limits.h>
+#if HAVE_SANDBOX_INIT
+#include <sandbox.h>
+#endif
#include <stddef.h>
#include <stdio.h>
#include <stdint.h>
@@ -341,6 +344,13 @@ mandocdb(int argc, char *argv[])
#if HAVE_PLEDGE
if (pledge("stdio rpath wpath cpath fattr flock proc exec", NULL) == -1) {
warn("pledge");
+ return (int)MANDOCLEVEL_SYSERR;
+ }
+#endif
+
+#if HAVE_SANDBOX_INIT
+ if (sandbox_init(kSBXProfileNoInternet, SANDBOX_NAMED, NULL) == -1) {
+ warnx("sandbox_init");
return (int)MANDOCLEVEL_SYSERR;
}
#endif
Index: Makefile
===================================================================
RCS file: /home/cvs/mdocml/mdocml/Makefile,v
retrieving revision 1.487
retrieving revision 1.488
diff -LMakefile -LMakefile -u -p -r1.487 -r1.488
--- Makefile
+++ Makefile
@@ -33,6 +33,7 @@ TESTSRCS = test-dirent-namlen.c \
test-reallocarray.c \
test-rewb-bsd.c \
test-rewb-sysv.c \
+ test-sandbox_init.c \
test-sqlite3.c \
test-sqlite3_errstr.c \
test-strcasestr.c \
--
To unsubscribe send an email to source+unsubscribe@mdocml.bsd.lv
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2016-07-12 5:19 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-07-12 5:19 mdocml: Add support for Mac OS X's sandbox_init(3) sandbox kristaps
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).