From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from localhost (fantadrom.bsd.lv [local]) by fantadrom.bsd.lv (OpenSMTPD) with ESMTPA id d8e4733d for ; Tue, 12 Jul 2016 00:19:08 -0500 (EST) Date: Tue, 12 Jul 2016 00:19:08 -0500 (EST) Message-Id: <13170614255633224307.enqueue@fantadrom.bsd.lv> X-Mailinglist: mdocml-source Reply-To: source@mdocml.bsd.lv MIME-Version: 1.0 From: kristaps@mdocml.bsd.lv To: source@mdocml.bsd.lv Subject: mdocml: Add support for Mac OS X's sandbox_init(3) sandbox X-Mailer: activitymail 1.26, http://search.cpan.org/dist/activitymail/ Content-Type: text/plain; charset=utf-8 Log Message: ----------- Add support for Mac OS X's sandbox_init(3) sandbox functionality, which is marked as DEPRECATED in OS X after 2011 or so, but has not been removed and has no replacement. ok schwarze@ Modified Files: -------------- mdocml: Makefile configure main.c mandocdb.c Added Files: ----------- mdocml: test-sandbox_init.c Revision Data ------------- Index: configure =================================================================== RCS file: /home/cvs/mdocml/mdocml/configure,v retrieving revision 1.39 retrieving revision 1.40 diff -Lconfigure -Lconfigure -u -p -r1.39 -r1.40 --- configure +++ configure @@ -58,6 +58,7 @@ HAVE_PROGNAME= HAVE_REALLOCARRAY= HAVE_REWB_BSD= HAVE_REWB_SYSV= +HAVE_SANDBOX_INIT= HAVE_STRCASESTR= HAVE_STRINGLIST= HAVE_STRLCAT= @@ -186,6 +187,7 @@ runtest isblank ISBLANK || true runtest mkdtemp MKDTEMP || true runtest mmap MMAP || true runtest pledge PLEDGE || true +runtest sandbox_init SANDBOX_INIT || true runtest progname PROGNAME || true runtest reallocarray REALLOCARRAY || true runtest rewb-bsd REWB_BSD || true @@ -317,6 +319,7 @@ cat << __HEREDOC__ #define HAVE_REALLOCARRAY ${HAVE_REALLOCARRAY} #define HAVE_REWB_BSD ${HAVE_REWB_BSD} #define HAVE_REWB_SYSV ${HAVE_REWB_SYSV} +#define HAVE_SANDBOX_INIT ${HAVE_SANDBOX_INIT} #define HAVE_STRCASESTR ${HAVE_STRCASESTR} #define HAVE_STRINGLIST ${HAVE_STRINGLIST} #define HAVE_STRLCAT ${HAVE_STRLCAT} --- /dev/null +++ test-sandbox_init.c @@ -0,0 +1,13 @@ +#include + +int +main(void) +{ + char *ep; + int rc; + + rc = sandbox_init(kSBXProfileNoInternet, SANDBOX_NAMED, &ep); + if (-1 == rc) + sandbox_free_error(ep); + return(-1 == rc); +} Index: main.c =================================================================== RCS file: /home/cvs/mdocml/mdocml/main.c,v retrieving revision 1.268 retrieving revision 1.269 diff -Lmain.c -Lmain.c -u -p -r1.268 -r1.269 --- main.c +++ main.c @@ -30,6 +30,9 @@ #include #include #include +#if HAVE_SANDBOX_INIT +#include +#endif #include #include #include @@ -157,6 +160,11 @@ main(int argc, char *argv[]) #if HAVE_PLEDGE if (pledge("stdio rpath tmppath tty proc exec flock", NULL) == -1) err((int)MANDOCLEVEL_SYSERR, "pledge"); +#endif + +#if HAVE_SANDBOX_INIT + if (sandbox_init(kSBXProfileNoInternet, SANDBOX_NAMED, NULL) == -1) + errx((int)MANDOCLEVEL_SYSERR, "sandbox_init"); #endif /* Search options. */ Index: mandocdb.c =================================================================== RCS file: /home/cvs/mdocml/mdocml/mandocdb.c,v retrieving revision 1.217 retrieving revision 1.218 diff -Lmandocdb.c -Lmandocdb.c -u -p -r1.217 -r1.218 --- mandocdb.c +++ mandocdb.c @@ -34,6 +34,9 @@ #include "compat_fts.h" #endif #include +#if HAVE_SANDBOX_INIT +#include +#endif #include #include #include @@ -341,6 +344,13 @@ mandocdb(int argc, char *argv[]) #if HAVE_PLEDGE if (pledge("stdio rpath wpath cpath fattr flock proc exec", NULL) == -1) { warn("pledge"); + return (int)MANDOCLEVEL_SYSERR; + } +#endif + +#if HAVE_SANDBOX_INIT + if (sandbox_init(kSBXProfileNoInternet, SANDBOX_NAMED, NULL) == -1) { + warnx("sandbox_init"); return (int)MANDOCLEVEL_SYSERR; } #endif Index: Makefile =================================================================== RCS file: /home/cvs/mdocml/mdocml/Makefile,v retrieving revision 1.487 retrieving revision 1.488 diff -LMakefile -LMakefile -u -p -r1.487 -r1.488 --- Makefile +++ Makefile @@ -33,6 +33,7 @@ TESTSRCS = test-dirent-namlen.c \ test-reallocarray.c \ test-rewb-bsd.c \ test-rewb-sysv.c \ + test-sandbox_init.c \ test-sqlite3.c \ test-sqlite3_errstr.c \ test-strcasestr.c \ -- To unsubscribe send an email to source+unsubscribe@mdocml.bsd.lv