Add capsicum support

It's the sandboxing system of FreeBSD. Quite pleasant to work with.

(Just trying to figure out the basics with this one before tackling the
abomination that is seccomp.)

Indeed, the only non-trivial part was getting newSelector to work with
Capsicum. Long story short it doesn't, so we use an ugly pointer cast +
assignment. But even that is stdlib's "fault", not Capsicum's.

This also gets rid of that ugly SocketPath global.

1 files changed, 16 insertions, 0 deletions

diff --git a/src/io/connect_unix.c b/src/io/connect_unix.c
index 26b3d6db..41faab11 100644
--- a/src/io/connect_unix.c
+++ b/src/io/connect_unix.c
@@ -1,4 +1,5 @@
 #include <stddef.h>
+#include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/un.h>
 
@@ -12,3 +13,18 @@ int connect_unix_from_c(int socket, const char *path, int pathlen)
 	memcpy(sa.sun_path, path, pathlen + 1);
 	return connect(socket, (struct sockaddr *)&sa, len);
 }
+
+#ifdef __FreeBSD__
+#include <fcntl.h>
+
+int connectat_unix_from_c(int fd, int socket, const char *path, int pathlen)
+{
+	struct sockaddr_un sa = {
+		.sun_family = AF_UNIX
+	};
+	int len = offsetof(struct sockaddr_un, sun_path) + pathlen + 1;
+
+	memcpy(sa.sun_path, path, pathlen + 1);
+	return connectat(fd, socket, (struct sockaddr *)&sa, len);
+}
+#endif