www.tinc-vpn.org Git - tinc/blob - src/bsd/openbsd/tincctl.c

   1 #include "../../system.h"
   2
   3 #include "sandbox.h"
   4 #include "../../sandbox.h"
   5
   6 static const char *promises =
   7         "stdio"  // General I/O
   8         " rpath" // Read configs & keys
   9         " wpath" // Write same
  10         " cpath" // Create same
  11         " fattr" // chmod() same
  12         " proc"  // Check that tincd is running with kill()
  13         " dns"   // Resolve domain names
  14         " inet"  // Check that port is available
  15         " unix"  // Control connection to tincd
  16         " exec"  // Start tincd
  17 #if defined(HAVE_CURSES) || defined(HAVE_READLINE)
  18         " tty"
  19 #endif
  20         ;
  21
  22 static sandbox_level_t current_level = SANDBOX_NONE;
  23
  24 void sandbox_set_level(sandbox_level_t level) {
  25         current_level = level;
  26 }
  27
  28 bool sandbox_enter() {
  29         if(current_level == SANDBOX_NONE) {
  30                 return true;
  31         } else {
  32                 return restrict_privs(promises, PROMISES_ALL);
  33         }
  34 }
  35
  36 bool sandbox_can(sandbox_action_t action, sandbox_time_t when) {
  37         (void)action;
  38         (void)when;
  39         return true;
  40 }