move all sandbox-related code to sandbox.c

while there, add capsicum for the logger process
author: Omar Polo <op@omarpolo.com> 2021-03-20 08:42:08 +0000
committer: Omar Polo <op@omarpolo.com> 2021-03-20 08:42:08 +0000
commit: 62e001b06778c96d0deebceddf1913f7b57ab2d6 (patch)
tree: 086b6df9d90bb36ebc2a6a210966cc2dc158561e /ex.c
parent: ad5301d1a00ba96c920fd89535cf9074b6e92088 (diff)
1 files changed, 2 insertions, 14 deletions
diff --git a/ex.c b/ex.c
index 6817024..645e865 100644
--- a/ex.c
+++ b/ex.c
@@ -270,23 +270,9 @@ handle_dispatch_imsg(int fd, short ev, void *d)
 int
 executor_main(struct imsgbuf *ibuf)
 {
-	struct vhost	*vhost;
 	struct event	 evs[PROC_MAX], imsgev;
 	int		 i;
 
-#ifdef __OpenBSD__
-	for (vhost = hosts; vhost->domain != NULL; ++vhost) {
-		/* r so we can chdir into the correct directory */
-		if (unveil(vhost->dir, "rx") == -1)
-			err(1, "unveil %s for domain %s",
-			    vhost->dir, vhost->domain);
-	}
-
-	/* rpath to chdir into the correct directory */
-	if (pledge("stdio rpath sendfd proc exec", NULL))
-		err(1, "pledge");
-#endif
-
 	event_init();
 
 	if (ibuf != NULL) {
@@ -301,6 +287,8 @@ executor_main(struct imsgbuf *ibuf)
 		event_add(&evs[i], NULL);
 	}
 
+	sandbox_executor_process();
+
 	event_dispatch();
 
 	return 1;
author	Omar Polo <op@omarpolo.com>	2021-03-20 08:42:08 +0000
committer	Omar Polo <op@omarpolo.com>	2021-03-20 08:42:08 +0000
commit	62e001b06778c96d0deebceddf1913f7b57ab2d6 (patch)
tree	086b6df9d90bb36ebc2a6a210966cc2dc158561e /ex.c
parent	ad5301d1a00ba96c920fd89535cf9074b6e92088 (diff)