author | Omar Polo <op@omarpolo.com> | 2021-04-30 17:16:34 +0000 |
---|---|---|
committer | Omar Polo <op@omarpolo.com> | 2021-04-30 17:16:34 +0000 |
commit | fdea6aa0bca24f6f947e2126ce101fd59caa7a31 (patch) | |
tree | c167f225e73250eb8cc82347a23ce7a86cfbf027 /sandbox.c | |
parent | adbe6a6493c0e91fcfc918db8f4b5839a2867b1c (diff) |
allow ``root'' rule to be specified per-location block
Diffstat (limited to 'sandbox.c')
-rw-r--r-- | sandbox.c | 28 |
1 files changed, 21 insertions, 7 deletions
@@ -280,11 +280,19 @@ sandbox_logger_process(void)
 void
 sandbox_server_process(void)
 {
- struct vhost *h;
+ struct vhost *h;
+ struct location *l;
 
 TAILQ_FOREACH(h, &hosts, vhosts) {
- if (unveil(h->dir, "r") == -1)
- fatal("unveil %s for domain %s", h->dir, h->domain);
+ TAILQ_FOREACH(l, &h->locations, locations) {
+ if (l->dir == NULL)
+ continue;
+
+ if (unveil(l->dir, "r") == -1)
+ fatal("unveil %s for domain %s",
+ l->dir,
+ h->domain);
+ }
 }
 
 if (pledge("stdio recvfd rpath inet", NULL) == -1)
@@ -295,12 +303,18 @@ void
 sandbox_executor_process(void)
 {
 struct vhost *h;
+ struct location *l;
 
 TAILQ_FOREACH(h, &hosts, vhosts) {
- /* r so we can chdir into the correct directory */
- if (unveil(h->dir, "rx") == -1)
- err(1, "unveil %s for domain %s",
- h->dir, h->domain);
+ TAILQ_FOREACH(l, &h->locations, locations) {
+ if (l->dir == NULL)
+ continue;
+
+ /* r so we can chdir into the correct directory */
+ if (unveil(l->dir, "rx") == -1)
+ fatal("unveil %s for domain %s",
+ l->dir, h->domain);
+ }
 }
 
 /* rpath to chdir into the correct directory */ |
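Review bot: The new `if (l->dir == NULL) continue;` skip in sandbox_server_process lets the loop finish without a single unveil() call when no location carries a root. On OpenBSD the filesystem stays fully visible until the first unveil() that names a path, so the `pledge("stdio recvfd rpath inet", NULL)` that follows would leave the server able to read any path. Whether config parsing guarantees at least one non-NULL `dir` is not visible in this hunk. I would make the function fail closed by setting `unveiled = 1;` after each successful unveil and checking `if (!unveiled) fatal("no root directory to unveil");` after the outer loop, or by applying an explicit deny-all unveil if rootless configurations are meant to be valid. The same gap exists in the sandbox_executor_process loop in the second hunk; both function bodies continue outside their hunks.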
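Review bot: Every per-location root is now unveiled with `"rx"` in sandbox_executor_process, so the executor gets execute permission on each of those directories, including locations that presumably never run CGI. The old code granted it only on the single vhost root. If `struct location` records whether CGI is enabled (not visible in this hunk), I would unveil only those locations here, or skip the others alongside the `l->dir == NULL` check. The carried-over comment also explains only the `r`; something like `/* r to chdir into the directory, x to execute the CGI scripts in it */` would document why `x` is granted. The function body continues outside the hunk.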