only rwc /dev/shm when WITHOUT_SHM is undefined - snac2 - Fork of https://codeberg.org/grunfink/snac2

commit 972783fcb2d7855847f0ea0832da2abc71aa6b30
parent 017140f5235d5c379402715f2cbbe1fdd037ba16
Author: shtrophic <christoph@liebender.dev>
Date:   Tue, 19 Nov 2024 20:47:15 +0100

only rwc /dev/shm when WITHOUT_SHM is undefined

Diffstat:
M sandbox.c  | 2 ++

1 file changed, 2 insertions(+), 0 deletions(-)
diff --git a/sandbox.c b/sandbox.c
@@ -149,7 +149,9 @@ void sbox_enter(const char *basedir)
 
     LANDLOCK_PATH(basedir,                LL_RWCD);
     LANDLOCK_PATH("/tmp",                 LL_RWCD);
+#ifndef WITHOUT_SHM
     LANDLOCK_PATH("/dev/shm",             LL_RWCF);
+#endif
     LANDLOCK_PATH("/etc/resolv.conf",     LL_R  );
     LANDLOCK_PATH("/etc/hosts",           LL_R  );
     LANDLOCK_PATH("/etc/ssl/openssl.cnf", LL_R  );

	snac2 Fork of https://codeberg.org/grunfink/snac2
	git clone https://git.inz.fi/snac2
	Log \| Files \| Refs \| README \| LICENSE