diff options
| author |   Kristaps Dzonsons <kristaps@bsd.lv> | 2016-07-12 05:18:38 +0000 |
|---|---|---|
| committer | Kristaps Dzonsons <kristaps@bsd.lv> | 2016-07-12 05:18:38 +0000 |
| commit | f542fd5ca7a16165d80c5f968777e7a4bf71e6f1 (patch) | |
| tree | a60e83176d01c8e55e89b917496c94f3eca8a812 /main.c | |
| parent | af7a169637d40943e8d31fa35588170dabefcb23 (diff) | |
| download | mandoc-f542fd5ca7a16165d80c5f968777e7a4bf71e6f1.tar.gz mandoc-f542fd5ca7a16165d80c5f968777e7a4bf71e6f1.tar.zst mandoc-f542fd5ca7a16165d80c5f968777e7a4bf71e6f1.zip | |
Add support for Mac OS X's sandbox_init(3) sandbox functionality, which
is marked as DEPRECATED in OS X after 2011 or so, but has not been
removed and has no replacement.
ok schwarze@
Diffstat (limited to 'main.c')
| -rw-r--r-- | main.c | 10 |
1 files changed, 9 insertions, 1 deletions
@@ -1,4 +1,4 @@ -/* $Id: main.c,v 1.268 2016/07/10 14:05:13 schwarze Exp $ */ +/* $Id: main.c,v 1.269 2016/07/12 05:18:38 kristaps Exp $ */ /* * Copyright (c) 2008-2012 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2010-2012, 2014-2016 Ingo Schwarze <schwarze@openbsd.org> @@ -30,6 +30,9 @@ #include <errno.h> #include <fcntl.h> #include <glob.h> +#if HAVE_SANDBOX_INIT +#include <sandbox.h> +#endif #include <signal.h> #include <stdio.h> #include <stdint.h> @@ -159,6 +162,11 @@ main(int argc, char *argv[]) err((int)MANDOCLEVEL_SYSERR, "pledge"); #endif +#if HAVE_SANDBOX_INIT + if (sandbox_init(kSBXProfileNoInternet, SANDBOX_NAMED, NULL) == -1) + errx((int)MANDOCLEVEL_SYSERR, "sandbox_init"); +#endif + /* Search options. */ memset(&conf, 0, sizeof(conf)); |