From 5cf524958fc73d6912aef4866500b0cc46fa1bc6 Mon Sep 17 00:00:00 2001
From: bptato
Date: Wed, 3 Apr 2024 18:54:07 +0200
Subject: sandbox: add OpenBSD pledge/unveil support
pledge is a bit more fine-grained than Capsicum's capability mode, so the buffer & http ("network") sandboxes are now split up into two parts. I applied the same hack as in FreeBSD for overriding the buffer selector kqueue, because a) I didn't want to request sysctl promise b) I'm not sure if it would even work and c) if it breaks on OpenBSD, then it's broken on FreeBSD too, so there's a greater chance of discovering the bug.
---
 src/server/forkserver.nim | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'src/server/forkserver.nim')
diff --git a/src/server/forkserver.nim b/src/server/forkserver.nim
index d972958a..a5a9ff64 100644
--- a/src/server/forkserver.nim
+++ b/src/server/forkserver.nim
@@ -153,8 +153,9 @@ proc forkBuffer(ctx: var ForkServerContext; r: var BufferedReader): int =
 closeStdout()
 # must call before entering the sandbox, or capsicum cries because of Nim
 # calling sysctl
+ # also lets us deny sysctl call with pledge
 let selector = newSelector[int]()
- enterSandbox()
+ enterBufferSandbox(sockDir)
 let pid = getCurrentProcessId()
 let ssock = initServerSocket(sockDir, sockDirFd, pid)
 gssock = ssock
-- 
cgit 1.4.1-2-gfad0
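Review bot: The new comment above `let selector = newSelector[int]()` says sysctl can now be denied, but it does not say what happens if someone later moves the selector creation below `enterBufferSandbox(sockDir)`: on OpenBSD a pledge violation terminates the process rather than returning an error, so the ordering is now a hard crash-or-not boundary, not just a Capsicum warning, and I would spell that out, e.g. `# ORDER MATTERS: newSelector calls sysctl; after pledge that is fatal, not an error`. The reason `sockDir` is now handed to the sandbox entry is also invisible at the call site: `initServerSocket(sockDir, sockDirFd, pid)` runs after the sandbox is entered, so the buffer sandbox must still allow creating the socket under that directory (presumably via unveil plus the unix promise), which a one-line comment such as `# sockDir is passed so the sandbox can still create the server socket below` would make explicit. Since `enterBufferSandbox` is not in this hunk, I cannot confirm that everything `initServerSocket` does on that path (socket creation, bind, any chmod/unlink of a stale socket) is covered by the promise set and unveil permissions chosen there; that should be checked on OpenBSD specifically, because a missing promise here is a process kill rather than a degraded feature. `forkBuffer` starts before and continues after this hunk.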