diff options
| author | bptato <nincsnevem662@gmail.com> | 2024-04-03 18:54:07 +0200 |
|---|---|---|
| committer | bptato <nincsnevem662@gmail.com> | 2024-04-03 19:08:34 +0200 |
| commit | 5cf524958fc73d6912aef4866500b0cc46fa1bc6 (patch) | |
| tree | acc298fe143f5f9cfd9eff591fd52e5fb1e3866b /adapter/protocol | |
| parent | af92dd1711181586a58843216e5fdd9c48876e59 (diff) | |
| download | chawan-5cf524958fc73d6912aef4866500b0cc46fa1bc6.tar.gz | |
sandbox: add OpenBSD pledge/unveil support
pledge is a bit more fine-grained than Capsicum's capability mode,
so the buffer & http ("network") sandboxes are now split up into
two parts.
I applied the same hack as in FreeBSD for overriding the buffer
selector kqueue, because a) I didn't want to request sysctl promise
b) I'm not sure if it would even work and c) if it breaks on OpenBSD,
then it's broken on FreeBSD too, so there's a greater chance of
discovering the bug.
Diffstat (limited to 'adapter/protocol')
| -rw-r--r-- | adapter/protocol/http.nim | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/adapter/protocol/http.nim b/adapter/protocol/http.nim index 426a9dab..ec56b6f4 100644 --- a/adapter/protocol/http.nim +++ b/adapter/protocol/http.nim @@ -78,7 +78,7 @@ proc curlPreRequest(clientp: pointer, conn_primary_ip, conn_local_ip: cstring, let op = cast[HttpHandle](clientp) op.connectreport = true puts("Cha-Control: Connected\n") - enterSandbox() + enterNetworkSandbox() return 0 # ok proc main() = |