about summary refs log tree commit diff stats
path: root/src/server/forkserver.nim
diff options
context:
space:
mode:
Diffstat (limited to 'src/server/forkserver.nim')
-rw-r--r--src/server/forkserver.nim3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/server/forkserver.nim b/src/server/forkserver.nim
index d972958a..a5a9ff64 100644
--- a/src/server/forkserver.nim
+++ b/src/server/forkserver.nim
@@ -153,8 +153,9 @@ proc forkBuffer(ctx: var ForkServerContext; r: var BufferedReader): int =
     closeStdout()
     # must call before entering the sandbox, or capsicum cries because of Nim
     # calling sysctl
+    # also lets us deny sysctl call with pledge
     let selector = newSelector[int]()
-    enterSandbox()
+    enterBufferSandbox(sockDir)
     let pid = getCurrentProcessId()
     let ssock = initServerSocket(sockDir, sockDirFd, pid)
     gssock = ssock
generated by cgit-pink 1.4.1-2-gfad0 (git 2.36.2.497.gbbea4dcf42) at 2025-01-10 15:18:42 +0000