[prev in list] [next in list] [prev in thread] [next in thread]
List: mandoc-source
Subject: mdocml: Add support for Mac OS X's sandbox_init(3) sandbox
From: kristaps () mdocml ! bsd ! lv
Date: 2016-07-12 5:19:08
Message-ID: 13170614255633224307.enqueue () fantadrom ! bsd ! lv
[Download RAW message or body]
Log Message:
-----------
Add support for Mac OS X's sandbox_init(3) sandbox functionality, which
is marked as DEPRECATED in OS X after 2011 or so, but has not been
removed and has no replacement.
ok schwarze@
Modified Files:
--------------
mdocml:
Makefile
configure
main.c
mandocdb.c
Added Files:
-----------
mdocml:
test-sandbox_init.c
Revision Data
-------------
Index: configure
===================================================================
RCS file: /home/cvs/mdocml/mdocml/configure,v
retrieving revision 1.39
retrieving revision 1.40
diff -Lconfigure -Lconfigure -u -p -r1.39 -r1.40
--- configure
+++ configure
@@ -58,6 +58,7 @@ HAVE_PROGNAME=
HAVE_REALLOCARRAY=
HAVE_REWB_BSD=
HAVE_REWB_SYSV=
+HAVE_SANDBOX_INIT=
HAVE_STRCASESTR=
HAVE_STRINGLIST=
HAVE_STRLCAT=
@@ -186,6 +187,7 @@ runtest isblank ISBLANK || true
runtest mkdtemp MKDTEMP || true
runtest mmap MMAP || true
runtest pledge PLEDGE || true
+runtest sandbox_init SANDBOX_INIT || true
runtest progname PROGNAME || true
runtest reallocarray REALLOCARRAY || true
runtest rewb-bsd REWB_BSD || true
@@ -317,6 +319,7 @@ cat << __HEREDOC__
#define HAVE_REALLOCARRAY ${HAVE_REALLOCARRAY}
#define HAVE_REWB_BSD ${HAVE_REWB_BSD}
#define HAVE_REWB_SYSV ${HAVE_REWB_SYSV}
+#define HAVE_SANDBOX_INIT ${HAVE_SANDBOX_INIT}
#define HAVE_STRCASESTR ${HAVE_STRCASESTR}
#define HAVE_STRINGLIST ${HAVE_STRINGLIST}
#define HAVE_STRLCAT ${HAVE_STRLCAT}
--- /dev/null
+++ test-sandbox_init.c
@@ -0,0 +1,13 @@
+#include <sandbox.h>
+
+int
+main(void)
+{
+ char *ep;
+ int rc;
+
+ rc = sandbox_init(kSBXProfileNoInternet, SANDBOX_NAMED, &ep);
+ if (-1 == rc)
+ sandbox_free_error(ep);
+ return(-1 == rc);
+}
Index: main.c
===================================================================
RCS file: /home/cvs/mdocml/mdocml/main.c,v
retrieving revision 1.268
retrieving revision 1.269
diff -Lmain.c -Lmain.c -u -p -r1.268 -r1.269
--- main.c
+++ main.c
@@ -30,6 +30,9 @@
#include <errno.h>
#include <fcntl.h>
#include <glob.h>
+#if HAVE_SANDBOX_INIT
+#include <sandbox.h>
+#endif
#include <signal.h>
#include <stdio.h>
#include <stdint.h>
@@ -157,6 +160,11 @@ main(int argc, char *argv[])
#if HAVE_PLEDGE
if (pledge("stdio rpath tmppath tty proc exec flock", NULL) == -1)
err((int)MANDOCLEVEL_SYSERR, "pledge");
+#endif
+
+#if HAVE_SANDBOX_INIT
+ if (sandbox_init(kSBXProfileNoInternet, SANDBOX_NAMED, NULL) == -1)
+ errx((int)MANDOCLEVEL_SYSERR, "sandbox_init");
#endif
/* Search options. */
Index: mandocdb.c
===================================================================
RCS file: /home/cvs/mdocml/mdocml/mandocdb.c,v
retrieving revision 1.217
retrieving revision 1.218
diff -Lmandocdb.c -Lmandocdb.c -u -p -r1.217 -r1.218
--- mandocdb.c
+++ mandocdb.c
@@ -34,6 +34,9 @@
#include "compat_fts.h"
#endif
#include <limits.h>
+#if HAVE_SANDBOX_INIT
+#include <sandbox.h>
+#endif
#include <stddef.h>
#include <stdio.h>
#include <stdint.h>
@@ -341,6 +344,13 @@ mandocdb(int argc, char *argv[])
#if HAVE_PLEDGE
if (pledge("stdio rpath wpath cpath fattr flock proc exec", NULL) == -1) {
warn("pledge");
+ return (int)MANDOCLEVEL_SYSERR;
+ }
+#endif
+
+#if HAVE_SANDBOX_INIT
+ if (sandbox_init(kSBXProfileNoInternet, SANDBOX_NAMED, NULL) == -1) {
+ warnx("sandbox_init");
return (int)MANDOCLEVEL_SYSERR;
}
#endif
Index: Makefile
===================================================================
RCS file: /home/cvs/mdocml/mdocml/Makefile,v
retrieving revision 1.487
retrieving revision 1.488
diff -LMakefile -LMakefile -u -p -r1.487 -r1.488
--- Makefile
+++ Makefile
@@ -33,6 +33,7 @@ TESTSRCS = test-dirent-namlen.c \
test-reallocarray.c \
test-rewb-bsd.c \
test-rewb-sysv.c \
+ test-sandbox_init.c \
test-sqlite3.c \
test-sqlite3_errstr.c \
test-strcasestr.c \
--
To unsubscribe send an email to source+unsubscribe@mdocml.bsd.lv
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic