diff options
author | 2016-07-12 05:18:38 +0000 | |
---|---|---|
committer | 2016-07-12 05:18:38 +0000 | |
commit | f542fd5ca7a16165d80c5f968777e7a4bf71e6f1 (patch) | |
tree | a60e83176d01c8e55e89b917496c94f3eca8a812 /mandocdb.c | |
parent | af7a169637d40943e8d31fa35588170dabefcb23 (diff) | |
download | mandoc-f542fd5ca7a16165d80c5f968777e7a4bf71e6f1.tar.gz mandoc-f542fd5ca7a16165d80c5f968777e7a4bf71e6f1.tar.zst mandoc-f542fd5ca7a16165d80c5f968777e7a4bf71e6f1.zip |
Add support for Mac OS X's sandbox_init(3) sandbox functionality, which
is marked as DEPRECATED in OS X after 2011 or so, but has not been
removed and has no replacement.
ok schwarze@
Diffstat (limited to 'mandocdb.c')
-rw-r--r-- | mandocdb.c | 12 |
1 files changed, 11 insertions, 1 deletions
@@ -1,4 +1,4 @@ -/* $Id: mandocdb.c,v 1.217 2016/07/09 15:24:19 schwarze Exp $ */ +/* $Id: mandocdb.c,v 1.218 2016/07/12 05:18:38 kristaps Exp $ */ /* * Copyright (c) 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2011-2016 Ingo Schwarze <schwarze@openbsd.org> @@ -34,6 +34,9 @@ #include "compat_fts.h" #endif #include <limits.h> +#if HAVE_SANDBOX_INIT +#include <sandbox.h> +#endif #include <stddef.h> #include <stdio.h> #include <stdint.h> @@ -345,6 +348,13 @@ mandocdb(int argc, char *argv[]) } #endif +#if HAVE_SANDBOX_INIT + if (sandbox_init(kSBXProfileNoInternet, SANDBOX_NAMED, NULL) == -1) { + warnx("sandbox_init"); + return (int)MANDOCLEVEL_SYSERR; + } +#endif + memset(&conf, 0, sizeof(conf)); memset(stmts, 0, STMT__MAX * sizeof(sqlite3_stmt *)); |