From b530ccc899a8cc8c63bad29abe1e479eb999b167 Mon Sep 17 00:00:00 2001
From: bptato <nincsnevem662@gmail.com>
Date: Thu, 28 Mar 2024 01:36:29 +0100
Subject: Add capsicum support

It's the sandboxing system of FreeBSD. Quite pleasant to work with.

(Just trying to figure out the basics with this one before tackling the
abomination that is seccomp.)

Indeed, the only non-trivial part was getting newSelector to work with
Capsicum. Long story short it doesn't, so we use an ugly pointer cast +
assignment. But even that is stdlib's "fault", not Capsicum's.

This also gets rid of that ugly SocketPath global.
---
 src/bindings/capsicum.nim | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 src/bindings/capsicum.nim

(limited to 'src/bindings')

diff --git a/src/bindings/capsicum.nim b/src/bindings/capsicum.nim
new file mode 100644
index 00000000..e01c3efb
--- /dev/null
+++ b/src/bindings/capsicum.nim
@@ -0,0 +1,6 @@
+{.push header: "sys/capsicum.h", importc.}
+
+proc cap_enter*(): cint
+proc cap_getmode*(modep: ptr cuint): cint
+
+{.pop.}
-- 
cgit 1.4.1-2-gfad0