Disable sandboxing by default for now. - snac2 - Fork of https://codeberg.org/grunfink/snac2

commit 9b04a3c5fd5ad1301f4c3a784dea85e74a0b177f
parent d479352548e05c057df3d6fe191a4c438be41b0e
Author: default <nobody@localhost>
Date:   Sun,  5 Jan 2025 16:19:15 +0100

Disable sandboxing by default for now.

Diffstat:
M sandbox.c  | 15 ++++++++++-----

1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/sandbox.c b/sandbox.c
@@ -83,6 +83,11 @@ LL_BEGIN(sbox_enter_linux_, const char* basedir, const char *address, int smail)
 
 void sbox_enter(const char *basedir)
 {
+    const char *address = xs_dict_get(srv_config, "address");
+
+    int smail = !xs_is_true(xs_dict_get(srv_config, "disable_email_notifications"));
+
+#if defined (__OpenBSD__)
     if (xs_is_true(xs_dict_get(srv_config, "disable_openbsd_security"))) {
         srv_log(xs_dup("disable_openbsd_security is deprecated. Use disable_sandbox instead."));
         return;
@@ -92,11 +97,6 @@ void sbox_enter(const char *basedir)
         return;
     }
 
-    const char *address = xs_dict_get(srv_config, "address");
-
-    int smail = !xs_is_true(xs_dict_get(srv_config, "disable_email_notifications"));
-
-#if defined (__OpenBSD__)
     srv_debug(1, xs_fmt("Calling unveil()"));
     unveil(basedir,                "rwc");
     unveil("/tmp",                 "rwc");
@@ -128,6 +128,11 @@ void sbox_enter(const char *basedir)
 
 #elif defined (__linux__)
     
+    if (xs_is_true(xs_dict_get_def(srv_config, "disable_sandbox", xs_stock(XSTYPE_TRUE)))) {
+        srv_debug(0, xs_dup("Sandbox disabled by admin"));
+        return;
+    }
+
     if (sbox_enter_linux_(basedir, address, smail) == 0)
         srv_log(xs_dup("landlocked"));
     else

	snac2 Fork of https://codeberg.org/grunfink/snac2
	git clone https://git.inz.fi/snac2
	Log \| Files \| Refs \| README \| LICENSE